From 44d84ac1646cf04ccc2c1a736f3c9d1644ccacec Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 17 Oct 2006 21:32:56 +0000 Subject: Avoid typecasting a signed char to an int when using is*() functions, as that could very well cause a negate number get passed in and thus cause reading outside of the array usually used for this purpose. We avoid this by using the uppercase macro versions introduced just now that does some extra crazy typecasts to avoid byte codes > 127 to cause negative int values. --- lib/base64.c | 4 ++-- lib/escape.c | 6 +----- lib/ftp.c | 8 ++++---- lib/http.c | 10 +++++----- lib/http_chunks.c | 2 +- lib/http_digest.c | 4 ++-- lib/http_negotiate.c | 4 ++-- lib/http_ntlm.c | 4 ++-- lib/mprintf.c | 2 +- lib/parsedate.c | 8 ++++---- lib/setup.h | 10 ++++++++++ lib/strtoofft.c | 4 ++-- lib/transfer.c | 10 +++++----- lib/url.c | 2 +- 14 files changed, 42 insertions(+), 36 deletions(-) (limited to 'lib') diff --git a/lib/base64.c b/lib/base64.c index c9e8a382c..2302eb014 100644 --- a/lib/base64.c +++ b/lib/base64.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2005, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2006, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -280,7 +280,7 @@ int main(int argc, char **argv, char **envp) for(j=0; j < 0x10; j++) if((j+i) < dataLen) - printf("%c", isgraph(data[i+j])?data[i+j]:'.'); + printf("%c", ISGRAPH(data[i+j])?data[i+j]:'.'); else break; puts(""); diff --git a/lib/escape.c b/lib/escape.c index c569902f6..9552b0f31 100644 --- a/lib/escape.c +++ b/lib/escape.c @@ -116,10 +116,6 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength) return ns; } -#define ishex(in) ((in >= 'a' && in <= 'f') || \ - (in >= 'A' && in <= 'F') || \ - (in >= '0' && in <= '9')) - char *curl_easy_unescape(CURL *handle, const char *string, int length, int *olen) { @@ -138,7 +134,7 @@ char *curl_easy_unescape(CURL *handle, const char *string, int length, while(--alloc > 0) { in = *string; - if(('%' == in) && ishex(string[1]) && ishex(string[2])) { + if(('%' == in) && ISXDIGIT(string[1]) && ISXDIGIT(string[2])) { /* this is two hexadecimal digits following a '%' */ char hexstr[3]; char *ptr; diff --git a/lib/ftp.c b/lib/ftp.c index eb945ef0b..e3d14a2ba 100644 --- a/lib/ftp.c +++ b/lib/ftp.c @@ -252,8 +252,8 @@ static void ftp_respinit(struct connectdata *conn) } /* macro to check for the last line in an FTP server response */ -#define lastline(line) (isdigit((int)line[0]) && isdigit((int)line[1]) && \ - isdigit((int)line[2]) && (' ' == line[3])) +#define lastline(line) (ISDIGIT(line[0]) && ISDIGIT(line[1]) && \ + ISDIGIT(line[2]) && (' ' == line[3])) static CURLcode ftp_readresp(curl_socket_t sockfd, struct connectdata *conn, @@ -2177,7 +2177,7 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn, if('(' == *bytes) break; /* skip only digits */ - if(!isdigit((int)*bytes)) { + if(!ISDIGIT(*bytes)) { bytes=NULL; break; } @@ -3208,7 +3208,7 @@ static CURLcode ftp_range(struct connectdata *conn) if(data->reqdata.use_range && data->reqdata.range) { from=curlx_strtoofft(data->reqdata.range, &ptr, 0); - while(ptr && *ptr && (isspace((int)*ptr) || (*ptr=='-'))) + while(ptr && *ptr && (ISSPACE(*ptr) || (*ptr=='-'))) ptr++; to=curlx_strtoofft(ptr, &ptr2, 0); if(ptr == ptr2) { diff --git a/lib/http.c b/lib/http.c index 0b3111f47..e31730e7d 100644 --- a/lib/http.c +++ b/lib/http.c @@ -569,7 +569,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, } /* pass all white spaces */ - while(*start && isspace((int)*start)) + while(*start && ISSPACE(*start)) start++; /* @@ -1051,7 +1051,7 @@ Curl_compareheader(char *headerline, /* line to check */ start = &headerline[hlen]; /* pass all white spaces */ - while(*start && isspace((int)*start)) + while(*start && ISSPACE(*start)) start++; /* find the end of the header line */ @@ -1558,7 +1558,7 @@ static CURLcode add_custom_headers(struct connectdata *conn, /* we require a colon for this to be a true header */ ptr++; /* pass the colon */ - while(*ptr && isspace((int)*ptr)) + while(*ptr && ISSPACE(*ptr)) ptr++; if(*ptr) { @@ -1725,12 +1725,12 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) redirected request is being out on thin ice. Except if the host name is the same as the first one! */ char *start = ptr+strlen("Host:"); - while(*start && isspace((int)*start )) + while(*start && ISSPACE(*start )) start++; ptr = start; /* start host-scanning here */ /* scan through the string to find the end (space or colon) */ - while(*ptr && !isspace((int)*ptr) && !(':'==*ptr)) + while(*ptr && !ISSPACE(*ptr) && !(':'==*ptr)) ptr++; if(ptr != start) { diff --git a/lib/http_chunks.c b/lib/http_chunks.c index 8e9947f5d..f398b100c 100644 --- a/lib/http_chunks.c +++ b/lib/http_chunks.c @@ -115,7 +115,7 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn, while(length) { switch(ch->state) { case CHUNK_HEX: - if(isxdigit((int)*datap)) { + if(ISXDIGIT(*datap)) { if(ch->hexindex < MAXNUM_SIZE) { ch->hexbuffer[ch->hexindex] = *datap; datap++; diff --git a/lib/http_digest.c b/lib/http_digest.c index e1aec3919..8b605d5c5 100644 --- a/lib/http_digest.c +++ b/lib/http_digest.c @@ -75,7 +75,7 @@ CURLdigest Curl_input_digest(struct connectdata *conn, } /* skip initial whitespaces */ - while(*header && isspace((int)*header)) + while(*header && ISSPACE(*header)) header++; if(checkprefix("Digest", header)) { @@ -93,7 +93,7 @@ CURLdigest Curl_input_digest(struct connectdata *conn, char content[128]; size_t totlen=0; - while(*header && isspace((int)*header)) + while(*header && ISSPACE(*header)) header++; /* how big can these strings be? */ diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c index 70062f85a..eb5bd92d1 100644 --- a/lib/http_negotiate.c +++ b/lib/http_negotiate.c @@ -124,7 +124,7 @@ int Curl_input_negotiate(struct connectdata *conn, char *header) bool gss; const char* protocol; - while(*header && isspace((int)*header)) + while(*header && ISSPACE(*header)) header++; if(checkprefix("GSS-Negotiate", header)) { protocol = "GSS-Negotiate"; @@ -160,7 +160,7 @@ int Curl_input_negotiate(struct connectdata *conn, char *header) return ret; header += strlen(neg_ctx->protocol); - while(*header && isspace((int)*header)) + while(*header && ISSPACE(*header)) header++; len = strlen(header); diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c index 7444a400c..8205a8fea 100644 --- a/lib/http_ntlm.c +++ b/lib/http_ntlm.c @@ -218,13 +218,13 @@ CURLntlm Curl_input_ntlm(struct connectdata *conn, ntlm = proxy?&conn->proxyntlm:&conn->ntlm; /* skip initial whitespaces */ - while(*header && isspace((int)*header)) + while(*header && ISSPACE(*header)) header++; if(checkprefix("NTLM", header)) { header += strlen("NTLM"); - while(*header && isspace((int)*header)) + while(*header && ISSPACE(*header)) header++; if(*header) { diff --git a/lib/mprintf.c b/lib/mprintf.c index 543a39f15..610395318 100644 --- a/lib/mprintf.c +++ b/lib/mprintf.c @@ -171,7 +171,7 @@ int curl_msprintf(char *buffer, const char *format, ...); static long dprintf_DollarString(char *input, char **end) { int number=0; - while(isdigit((int)*input)) { + while(ISDIGIT(*input)) { number *= 10; number += *input-'0'; input++; diff --git a/lib/parsedate.c b/lib/parsedate.c index 37b4ddfe3..0bb6d0c5a 100644 --- a/lib/parsedate.c +++ b/lib/parsedate.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2005, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2006, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -213,7 +213,7 @@ static int checktz(char *check) static void skip(const char **date) { /* skip everything that aren't letters or digits */ - while(**date && !isalnum((int)**date)) + while(**date && !ISALNUM(**date)) (*date)++; } @@ -256,7 +256,7 @@ static time_t Curl_parsedate(const char *date) skip(&date); - if(isalpha((int)*date)) { + if(ISALPHA(*date)) { /* a name coming up */ char buf[32]=""; size_t len; @@ -286,7 +286,7 @@ static time_t Curl_parsedate(const char *date) date += len; } - else if(isdigit((int)*date)) { + else if(ISDIGIT(*date)) { /* a digit */ int val; char *end; diff --git a/lib/setup.h b/lib/setup.h index a02834ecd..4f1a3c1cd 100644 --- a/lib/setup.h +++ b/lib/setup.h @@ -348,6 +348,16 @@ int fileno( FILE *stream); #define DEBUGF(x) #endif +#ifndef ISSPACE +/* typecasting craze to avoid negative number inputs to these macros */ +#define ISSPACE(x) (isspace((int)((unsigned char)x))) +#define ISDIGIT(x) (isdigit((int)((unsigned char)x))) +#define ISALNUM(x) (isalnum((int)((unsigned char)x))) +#define ISXDIGIT(x) (isxdigit((int)((unsigned char)x))) +#define ISGRAPH(x) (isgraph((int)((unsigned char)x))) +#define ISALPHA(x) (isalpha((int)((unsigned char)x))) +#endif + /* * Include macros and defines that should only be processed once. */ diff --git a/lib/strtoofft.c b/lib/strtoofft.c index b11755b1b..3ab1bfdff 100644 --- a/lib/strtoofft.c +++ b/lib/strtoofft.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2005, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2006, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -55,7 +55,7 @@ curlx_strtoll(const char *nptr, char **endptr, int base) /* Skip leading whitespace. */ end = (char *)nptr; - while (isspace((int)end[0])) { + while (ISSPACE(end[0])) { end++; } diff --git a/lib/transfer.c b/lib/transfer.c index e2df5fc12..25645c97d 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -762,7 +762,7 @@ CURLcode Curl_readwrite(struct connectdata *conn, /* Find the first non-space letter */ for(start=k->p+13; - *start && isspace((int)*start); + *start && ISSPACE(*start); start++) ; /* empty loop */ @@ -772,7 +772,7 @@ CURLcode Curl_readwrite(struct connectdata *conn, if(end) { /* skip all trailing space letters */ - for(; isspace((int)*end) && (end > start); end--) + for(; ISSPACE(*end) && (end > start); end--) ; /* empty loop */ /* get length of the type */ @@ -877,7 +877,7 @@ CURLcode Curl_readwrite(struct connectdata *conn, /* Find the first non-space letter */ for(start=k->p+17; - *start && isspace((int)*start); + *start && ISSPACE(*start); start++) ; /* empty loop */ @@ -957,7 +957,7 @@ CURLcode Curl_readwrite(struct connectdata *conn, /* Skip spaces and tabs. We do this to support multiple white spaces after the "Location:" keyword. */ - while(*start && isspace((int)*start )) + while(*start && ISSPACE(*start )) start++; /* Scan through the string from the end to find the last @@ -966,7 +966,7 @@ CURLcode Curl_readwrite(struct connectdata *conn, there. This logic strips off trailing whitespace, but keeps any embedded whitespace. */ ptr = k->end_ptr-1; - while((ptr>=start) && isspace((int)*ptr)) + while((ptr>=start) && ISSPACE(*ptr)) ptr--; ptr++; diff --git a/lib/url.c b/lib/url.c index 312862dcb..d23660515 100644 --- a/lib/url.c +++ b/lib/url.c @@ -3252,7 +3252,7 @@ static CURLcode CreateConnection(struct SessionHandle *data, /* detect and extract RFC2732-style IPv6-addresses */ if(*proxyptr == '[') { char *ptr = ++proxyptr; /* advance beyond the initial bracket */ - while(*ptr && (isxdigit((int)*ptr) || (*ptr == ':'))) + while(*ptr && (ISXDIGIT(*ptr) || (*ptr == ':'))) ptr++; if(*ptr == ']') { /* yeps, it ended nicely with a bracket as well */ -- cgit v1.2.3