[stunnel-users] safestring and safename insecure

Hans Werner Strube strube at physik3.gwdg.de
Thu Aug 24 16:54:09 CEST 2006


Michal Trojnara wrote:
> Assuming on some systems isprint(x) != isprint(x&0xff): any idea how to 
> exploit this "insecure" code?
> 
> BTW: At least on Linux and Mac OS X isprint() returns 0 in both cases.

The same holds for Solaris. I did not actually encounter an error but just
got the idea that something may be insecure here by looking at the lines.
After all, isprint etc. are often table-based macros without range-checking
the argument. And "man isprint" clearly says that the character is unsigned:
 (Solaris:)
  The macro isascii() is defined on all  integer  values;  the
  rest  are  defined  only  where  the argument is an int, the
  value of which is representable as an unsigned char, or EOF,
 (Linux:)
  These  functions  check  whether  c,  which  must  have the value of an
  unsigned char or EOF, falls into a certain character class according to
  the current locale.



More information about the stunnel-users mailing list