[stunnel-users] safestring and safename insecure

• Previous message (by thread): [stunnel-users] safestring and safename insecure
• Next message (by thread): [stunnel-users] stunnel 4-15 through proxy server
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michal Trojnara wrote:
> Assuming on some systems isprint(x) != isprint(x&0xff): any idea how to 
> exploit this "insecure" code?
> 
> BTW: At least on Linux and Mac OS X isprint() returns 0 in both cases.

The same holds for Solaris. I did not actually encounter an error but just
got the idea that something may be insecure here by looking at the lines.
After all, isprint etc. are often table-based macros without range-checking
the argument. And "man isprint" clearly says that the character is unsigned:
 (Solaris:)
  The macro isascii() is defined on all  integer  values;  the
  rest  are  defined  only  where  the argument is an int, the
  value of which is representable as an unsigned char, or EOF,
 (Linux:)
  These  functions  check  whether  c,  which  must  have the value of an
  unsigned char or EOF, falls into a certain character class according to
  the current locale.

• Previous message (by thread): [stunnel-users] safestring and safename insecure
• Next message (by thread): [stunnel-users] stunnel 4-15 through proxy server
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]