The macros safestring and safename in common.h are insecure if called for a character with high bit set, because (int)*p will sign-extend the byte on machines where char is signed. Possible patch (here for safestring; for safename correspondingly with isprint -> isalnum):
do {char *p; for(p=(s); *p; p++) if(!isprint((int)*(unsigned char *)p)) *p='.';} while(0)
On 2006-08-24, at 10:11, Hans Werner Strube wrote:
The macros safestring and safename in common.h are insecure if called for a character with high bit set, because (int)*p will sign-extend the byte on machines where char is signed. Possible patch (here for safestring; for safename correspondingly with isprint -> isalnum):
do {char *p; for(p=(s); *p; p++) if(!isprint((int)*(unsigned char *)p)) *p='.';} while(0)
Assuming on some systems isprint(x) != isprint(x&0xff): any idea how to exploit this "insecure" code?
BTW: At least on Linux and Mac OS X isprint() returns 0 in both cases.
#include <stdio.h>
#include <ctype.h>

int main() {
    char x='a'|0x80;
    int y=x;
    int z=(unsigned char)x;
    printf("%d %d %d %d\n", y, z, isprint(y), isprint(z));
    return 0;
}
Best regards, Mike