Commit 44d84ac1 authored by Daniel Stenberg's avatar Daniel Stenberg

Avoid typecasting a signed char to an int when using is*() functions, as that

could very well cause a negative number to get passed in and thus cause reading
outside of the array usually used for this purpose.

We avoid this by using the uppercase macro versions introduced just now that
do some extra crazy typecasts to prevent byte codes > 127 from causing negative
int values.
parent 930f9bd5
+2 −2
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
 * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -280,7 +280,7 @@ int main(int argc, char **argv, char **envp)

    for(j=0; j < 0x10; j++)
      if((j+i) < dataLen)
        printf("%c", isgraph(data[i+j])?data[i+j]:'.');
        printf("%c", ISGRAPH(data[i+j])?data[i+j]:'.');
      else
        break;
    puts("");
+1 −5
@@ -116,10 +116,6 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
  return ns;
}

#define ishex(in) ((in >= 'a' && in <= 'f') || \
                   (in >= 'A' && in <= 'F') || \
                   (in >= '0' && in <= '9'))

char *curl_easy_unescape(CURL *handle, const char *string, int length,
                         int *olen)
{
@@ -138,7 +134,7 @@ char *curl_easy_unescape(CURL *handle, const char *string, int length,

  while(--alloc > 0) {
    in = *string;
    if(('%' == in) && ishex(string[1]) && ishex(string[2])) {
    if(('%' == in) && ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
      /* this is two hexadecimal digits following a '%' */
      char hexstr[3];
      char *ptr;
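Review bot: The two-byte lookahead in `ISXDIGIT(string[1]) && ISXDIGIT(string[2])` is not bounded by the remaining input length, so if a caller passes an explicit `length` for a buffer that is not NUL-terminated, a `%` in the last two bytes is followed by reads past the end of the input. Assuming `alloc` counts the bytes still to be processed including the current one (its initialisation is outside this hunk), the condition could become `if(('%' == in) && (alloc > 2) && ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {`. The macro swap fixes the negative-index problem but not this one. The body of curl_easy_unescape starts and ends outside the hunk.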
+4 −4
@@ -252,8 +252,8 @@ static void ftp_respinit(struct connectdata *conn)
}

/* macro to check for the last line in an FTP server response */
#define lastline(line) (isdigit((int)line[0]) && isdigit((int)line[1]) && \
                        isdigit((int)line[2]) && (' ' == line[3]))
#define lastline(line) (ISDIGIT(line[0]) && ISDIGIT(line[1]) && \
                        ISDIGIT(line[2]) && (' ' == line[3]))

static CURLcode ftp_readresp(curl_socket_t sockfd,
                             struct connectdata *conn,
@@ -2177,7 +2177,7 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
          if('(' == *bytes)
            break;
          /* skip only digits */
          if(!isdigit((int)*bytes)) {
          if(!ISDIGIT(*bytes)) {
            bytes=NULL;
            break;
          }
@@ -3208,7 +3208,7 @@ static CURLcode ftp_range(struct connectdata *conn)

  if(data->reqdata.use_range && data->reqdata.range) {
    from=curlx_strtoofft(data->reqdata.range, &ptr, 0);
    while(ptr && *ptr && (isspace((int)*ptr) || (*ptr=='-')))
    while(ptr && *ptr && (ISSPACE(*ptr) || (*ptr=='-')))
      ptr++;
    to=curlx_strtoofft(ptr, &ptr2, 0);
    if(ptr == ptr2) {
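Review bot: The rewritten `lastline` macro still uses its parameter unparenthesised and evaluates it four times, so any argument other than a plain side-effect-free identifier would bind or behave wrongly. Since the definition is being touched anyway, I would write it as `#define lastline(line) (ISDIGIT((line)[0]) && ISDIGIT((line)[1]) && \` followed by `ISDIGIT((line)[2]) && (' ' == (line)[3]))`. The macro also reads up to `line[3]` of a server-supplied response and relies on short-circuiting at a terminator to stay in bounds. A short comment stating that the argument must point at a NUL-terminated line would make that assumption visible to callers.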
+5 −5
@@ -569,7 +569,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
  }

  /* pass all white spaces */
  while(*start && isspace((int)*start))
  while(*start && ISSPACE(*start))
    start++;

  /*
@@ -1051,7 +1051,7 @@ Curl_compareheader(char *headerline, /* line to check */
  start = &headerline[hlen];

  /* pass all white spaces */
  while(*start && isspace((int)*start))
  while(*start && ISSPACE(*start))
    start++;

  /* find the end of the header line */
@@ -1558,7 +1558,7 @@ static CURLcode add_custom_headers(struct connectdata *conn,
      /* we require a colon for this to be a true header */

      ptr++; /* pass the colon */
      while(*ptr && isspace((int)*ptr))
      while(*ptr && ISSPACE(*ptr))
        ptr++;

      if(*ptr) {
@@ -1725,12 +1725,12 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
       redirected request is being out on thin ice. Except if the host name
       is the same as the first one! */
    char *start = ptr+strlen("Host:");
    while(*start && isspace((int)*start ))
    while(*start && ISSPACE(*start ))
      start++;
    ptr = start; /* start host-scanning here */

    /* scan through the string to find the end (space or colon) */
    while(*ptr && !isspace((int)*ptr) && !(':'==*ptr))
    while(*ptr && !ISSPACE(*ptr) && !(':'==*ptr))
      ptr++;

    if(ptr != start) {
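Review bot: The new `ISSPACE()` calls in these header parsers presumably still go through the locale-aware `isspace()` table (the macro definition is not on this page), so the set of bytes skipped as whitespace can depend on the application's locale. This matters more after the change because bytes above 127 now reach the classifier as 128–255 instead of as negative values. For the `Host:` scan in Curl_http and the auth header parsing in Curl_http_input_auth, the input comes from the network or the caller, and HTTP only treats SP and HTAB as whitespace there. If that holds, a comment at the macro or at these loops would help, such as `/* ISSPACE is locale-dependent; header whitespace is only SP/HTAB */`. Separately, `ISSPACE(*start )` in the Curl_http hunk carries a stray space before the closing parenthesis.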
+1 −1
@@ -115,7 +115,7 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
  while(length) {
    switch(ch->state) {
    case CHUNK_HEX:
      if(isxdigit((int)*datap)) {
      if(ISXDIGIT(*datap)) {
        if(ch->hexindex < MAXNUM_SIZE) {
          ch->hexbuffer[ch->hexindex] = *datap;
          datap++;