[stunnel-users] safestring and safename insecure
Hans Werner Strube
strube at physik3.gwdg.de
Thu Aug 24 16:54:09 CEST 2006
Michal Trojnara wrote:
> Assuming on some systems isprint(x) != isprint(x&0xff): any idea how to
> exploit this "insecure" code?
>
> BTW: At least on Linux and Mac OS X isprint() returns 0 in both cases.

The same holds for Solaris. I did not actually encounter an error but just
got the idea that something may be insecure here by looking at the lines.
After all, isprint etc. are often table-based macros without range-checking
the argument. And "man isprint" clearly says that the character is unsigned:

(Solaris:)
    The macro isascii() is defined on all integer values; the
    rest are defined only where the argument is an int, the
    value of which is representable as an unsigned char, or EOF,

(Linux:)
    These functions check whether c, which must have the value of an
    unsigned char or EOF, falls into a certain character class according to
    the current locale.
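
Added example, not part of the original post and not stunnel's code: it shows which argument value isprint() receives for a high-bit byte with and without the (unsigned char) cast, and a sanitizer that stays inside the range the man pages require. The function names are hypothetical, the input is constructed, and the default "C" locale with 8-bit chars is assumed.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* A value is a legal <ctype.h> argument only if it is representable
 * as unsigned char or equals EOF (the rule quoted from the man pages). */
static int ctype_arg_ok(int v)
{
    return v == EOF || (v >= 0 && v <= UCHAR_MAX);
}

/* Value isprint() would receive when a signed char is passed as-is. */
static int arg_plain(signed char c) { return c; }

/* Value isprint() receives after the conventional cast. */
static int arg_cast(signed char c) { return (unsigned char)c; }

/* Hypothetical sanitizer: replaces each non-printable byte with '.'
 * in place and returns how many bytes were replaced. */
static size_t sanitize_printable(char *s)
{
    size_t replaced = 0;
    for (; *s != '\0'; ++s) {
        if (!isprint((unsigned char)*s)) {  /* cast keeps the argument in range */
            *s = '.';
            ++replaced;
        }
    }
    return replaced;
}

int main(void)
{
    char name[] = "caf\xE9\x01 ok";          /* constructed sample input */
    signed char hi = (signed char)name[3];   /* byte 0xE9 */

    printf("plain: %d (legal: %d)\n", arg_plain(hi), ctype_arg_ok(arg_plain(hi)));
    printf("cast:  %d (legal: %d)\n", arg_cast(hi), ctype_arg_ok(arg_cast(hi)));
    printf("replaced %zu -> \"%s\"\n", sanitize_printable(name), name);
    return 0;
}
```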