[stunnel-users] safestring and safename insecure
Hans Werner Strube
strube at physik3.gwdg.de
Thu Aug 24 10:11:47 CEST 2006
The macros safestring and safename in common.h are insecure if called
for a character with high bit set, because (int)*p will sign-extend the
byte on machines where char is signed. Possible patch (here for safestring;
for safename correspondingly with isprint -> isalnum):
do {char *p; for(p=(s); *p; p++) if(!isprint((int)*(unsigned char *)p)) *p='.';} while(0)
More information about the stunnel-users
mailing list