1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 15:48:49 -05:00

Avoid typecasting a signed char to an int when using is*() functions, as that

could very well cause a negate number get passed in and thus cause reading
outside of the array usually used for this purpose.

We avoid this by using the uppercase macro versions introduced just now that
does some extra crazy typecasts to avoid byte codes > 127 to cause negative
int values.
This commit is contained in:
Daniel Stenberg 2006-10-17 21:32:56 +00:00
parent 930f9bd534
commit 44d84ac164
17 changed files with 81 additions and 59 deletions

View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -280,7 +280,7 @@ int main(int argc, char **argv, char **envp)
for(j=0; j < 0x10; j++)
if((j+i) < dataLen)
printf("%c", isgraph(data[i+j])?data[i+j]:'.');
printf("%c", ISGRAPH(data[i+j])?data[i+j]:'.');
else
break;
puts("");

View File

@ -116,10 +116,6 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
return ns;
}
#define ishex(in) ((in >= 'a' && in <= 'f') || \
(in >= 'A' && in <= 'F') || \
(in >= '0' && in <= '9'))
char *curl_easy_unescape(CURL *handle, const char *string, int length,
int *olen)
{
@ -138,7 +134,7 @@ char *curl_easy_unescape(CURL *handle, const char *string, int length,
while(--alloc > 0) {
in = *string;
if(('%' == in) && ishex(string[1]) && ishex(string[2])) {
if(('%' == in) && ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
/* this is two hexadecimal digits following a '%' */
char hexstr[3];
char *ptr;

View File

@ -252,8 +252,8 @@ static void ftp_respinit(struct connectdata *conn)
}
/* macro to check for the last line in an FTP server response */
#define lastline(line) (isdigit((int)line[0]) && isdigit((int)line[1]) && \
isdigit((int)line[2]) && (' ' == line[3]))
#define lastline(line) (ISDIGIT(line[0]) && ISDIGIT(line[1]) && \
ISDIGIT(line[2]) && (' ' == line[3]))
static CURLcode ftp_readresp(curl_socket_t sockfd,
struct connectdata *conn,
@ -2177,7 +2177,7 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
if('(' == *bytes)
break;
/* skip only digits */
if(!isdigit((int)*bytes)) {
if(!ISDIGIT(*bytes)) {
bytes=NULL;
break;
}
@ -3208,7 +3208,7 @@ static CURLcode ftp_range(struct connectdata *conn)
if(data->reqdata.use_range && data->reqdata.range) {
from=curlx_strtoofft(data->reqdata.range, &ptr, 0);
while(ptr && *ptr && (isspace((int)*ptr) || (*ptr=='-')))
while(ptr && *ptr && (ISSPACE(*ptr) || (*ptr=='-')))
ptr++;
to=curlx_strtoofft(ptr, &ptr2, 0);
if(ptr == ptr2) {

View File

@ -569,7 +569,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
}
/* pass all white spaces */
while(*start && isspace((int)*start))
while(*start && ISSPACE(*start))
start++;
/*
@ -1051,7 +1051,7 @@ Curl_compareheader(char *headerline, /* line to check */
start = &headerline[hlen];
/* pass all white spaces */
while(*start && isspace((int)*start))
while(*start && ISSPACE(*start))
start++;
/* find the end of the header line */
@ -1558,7 +1558,7 @@ static CURLcode add_custom_headers(struct connectdata *conn,
/* we require a colon for this to be a true header */
ptr++; /* pass the colon */
while(*ptr && isspace((int)*ptr))
while(*ptr && ISSPACE(*ptr))
ptr++;
if(*ptr) {
@ -1725,12 +1725,12 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
redirected request is being out on thin ice. Except if the host name
is the same as the first one! */
char *start = ptr+strlen("Host:");
while(*start && isspace((int)*start ))
while(*start && ISSPACE(*start ))
start++;
ptr = start; /* start host-scanning here */
/* scan through the string to find the end (space or colon) */
while(*ptr && !isspace((int)*ptr) && !(':'==*ptr))
while(*ptr && !ISSPACE(*ptr) && !(':'==*ptr))
ptr++;
if(ptr != start) {

View File

@ -115,7 +115,7 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
while(length) {
switch(ch->state) {
case CHUNK_HEX:
if(isxdigit((int)*datap)) {
if(ISXDIGIT(*datap)) {
if(ch->hexindex < MAXNUM_SIZE) {
ch->hexbuffer[ch->hexindex] = *datap;
datap++;

View File

@ -75,7 +75,7 @@ CURLdigest Curl_input_digest(struct connectdata *conn,
}
/* skip initial whitespaces */
while(*header && isspace((int)*header))
while(*header && ISSPACE(*header))
header++;
if(checkprefix("Digest", header)) {
@ -93,7 +93,7 @@ CURLdigest Curl_input_digest(struct connectdata *conn,
char content[128];
size_t totlen=0;
while(*header && isspace((int)*header))
while(*header && ISSPACE(*header))
header++;
/* how big can these strings be? */

View File

@ -124,7 +124,7 @@ int Curl_input_negotiate(struct connectdata *conn, char *header)
bool gss;
const char* protocol;
while(*header && isspace((int)*header))
while(*header && ISSPACE(*header))
header++;
if(checkprefix("GSS-Negotiate", header)) {
protocol = "GSS-Negotiate";
@ -160,7 +160,7 @@ int Curl_input_negotiate(struct connectdata *conn, char *header)
return ret;
header += strlen(neg_ctx->protocol);
while(*header && isspace((int)*header))
while(*header && ISSPACE(*header))
header++;
len = strlen(header);

View File

@ -218,13 +218,13 @@ CURLntlm Curl_input_ntlm(struct connectdata *conn,
ntlm = proxy?&conn->proxyntlm:&conn->ntlm;
/* skip initial whitespaces */
while(*header && isspace((int)*header))
while(*header && ISSPACE(*header))
header++;
if(checkprefix("NTLM", header)) {
header += strlen("NTLM");
while(*header && isspace((int)*header))
while(*header && ISSPACE(*header))
header++;
if(*header) {

View File

@ -171,7 +171,7 @@ int curl_msprintf(char *buffer, const char *format, ...);
static long dprintf_DollarString(char *input, char **end)
{
int number=0;
while(isdigit((int)*input)) {
while(ISDIGIT(*input)) {
number *= 10;
number += *input-'0';
input++;

View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -213,7 +213,7 @@ static int checktz(char *check)
static void skip(const char **date)
{
/* skip everything that aren't letters or digits */
while(**date && !isalnum((int)**date))
while(**date && !ISALNUM(**date))
(*date)++;
}
@ -256,7 +256,7 @@ static time_t Curl_parsedate(const char *date)
skip(&date);
if(isalpha((int)*date)) {
if(ISALPHA(*date)) {
/* a name coming up */
char buf[32]="";
size_t len;
@ -286,7 +286,7 @@ static time_t Curl_parsedate(const char *date)
date += len;
}
else if(isdigit((int)*date)) {
else if(ISDIGIT(*date)) {
/* a digit */
int val;
char *end;

View File

@ -348,6 +348,16 @@ int fileno( FILE *stream);
#define DEBUGF(x)
#endif
#ifndef ISSPACE
/* typecasting craze to avoid negative number inputs to these macros */
#define ISSPACE(x) (isspace((int)((unsigned char)x)))
#define ISDIGIT(x) (isdigit((int)((unsigned char)x)))
#define ISALNUM(x) (isalnum((int)((unsigned char)x)))
#define ISXDIGIT(x) (isxdigit((int)((unsigned char)x)))
#define ISGRAPH(x) (isgraph((int)((unsigned char)x)))
#define ISALPHA(x) (isalpha((int)((unsigned char)x)))
#endif
/*
* Include macros and defines that should only be processed once.
*/

View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -55,7 +55,7 @@ curlx_strtoll(const char *nptr, char **endptr, int base)
/* Skip leading whitespace. */
end = (char *)nptr;
while (isspace((int)end[0])) {
while (ISSPACE(end[0])) {
end++;
}

View File

@ -762,7 +762,7 @@ CURLcode Curl_readwrite(struct connectdata *conn,
/* Find the first non-space letter */
for(start=k->p+13;
*start && isspace((int)*start);
*start && ISSPACE(*start);
start++)
; /* empty loop */
@ -772,7 +772,7 @@ CURLcode Curl_readwrite(struct connectdata *conn,
if(end) {
/* skip all trailing space letters */
for(; isspace((int)*end) && (end > start); end--)
for(; ISSPACE(*end) && (end > start); end--)
; /* empty loop */
/* get length of the type */
@ -877,7 +877,7 @@ CURLcode Curl_readwrite(struct connectdata *conn,
/* Find the first non-space letter */
for(start=k->p+17;
*start && isspace((int)*start);
*start && ISSPACE(*start);
start++)
; /* empty loop */
@ -957,7 +957,7 @@ CURLcode Curl_readwrite(struct connectdata *conn,
/* Skip spaces and tabs. We do this to support multiple
white spaces after the "Location:" keyword. */
while(*start && isspace((int)*start ))
while(*start && ISSPACE(*start ))
start++;
/* Scan through the string from the end to find the last
@ -966,7 +966,7 @@ CURLcode Curl_readwrite(struct connectdata *conn,
there. This logic strips off trailing whitespace, but keeps
any embedded whitespace. */
ptr = k->end_ptr-1;
while((ptr>=start) && isspace((int)*ptr))
while((ptr>=start) && ISSPACE(*ptr))
ptr--;
ptr++;

View File

@ -3252,7 +3252,7 @@ static CURLcode CreateConnection(struct SessionHandle *data,
/* detect and extract RFC2732-style IPv6-addresses */
if(*proxyptr == '[') {
char *ptr = ++proxyptr; /* advance beyond the initial bracket */
while(*ptr && (isxdigit((int)*ptr) || (*ptr == ':')))
while(*ptr && (ISXDIGIT(*ptr) || (*ptr == ':')))
ptr++;
if(*ptr == ']') {
/* yeps, it ended nicely with a bracket as well */

View File

@ -380,7 +380,7 @@ static void warnf(struct Configurable *config, const char *fmt, ...)
if(len > (int)WARN_TEXTWIDTH) {
int cut = WARN_TEXTWIDTH-1;
while(!isspace((int)ptr[cut]) && cut) {
while(!ISSPACE(ptr[cut]) && cut) {
cut--;
}
@ -933,7 +933,7 @@ static int formparse(struct Configurable *config,
while(ptr && (FORM_FILE_SEPARATOR!= *ptr)) {
/* pass all white spaces */
while(isspace((int)*ptr))
while(ISSPACE(*ptr))
ptr++;
if(curlx_strnequal("type=", ptr, 5)) {
@ -1155,7 +1155,7 @@ static void cleanarg(char *str)
static int str2num(long *val, char *str)
{
int retcode = 0;
if(isdigit((int)*str))
if(ISDIGIT(*str))
*val = atoi(str);
else
retcode = 1; /* badness */
@ -1961,7 +1961,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
if(ptr &&
(ptr == &nextarg[1]) &&
(nextarg[2] == '\\' || nextarg[2] == '/') &&
(isalpha((int)nextarg[0])) )
(ISALPHA(nextarg[0])) )
/* colon in the second column, followed by a backslash, and the
first character is an alphabetic letter:
@ -2463,7 +2463,7 @@ static int parseconfig(const char *filename,
int lineno=0;
bool alloced_param;
#define isseparator(x) (((x)=='=') || ((x) == ':'))
#define ISSEP(x) (((x)=='=') || ((x) == ':'))
while (NULL != (aline = my_get_line(file))) {
lineno++;
@ -2471,7 +2471,7 @@ static int parseconfig(const char *filename,
alloced_param=FALSE;
/* lines with # in the fist column is a comment! */
while(*line && isspace((int)*line))
while(*line && ISSPACE(*line))
line++;
switch(*line) {
@ -2487,7 +2487,7 @@ static int parseconfig(const char *filename,
/* the option keywords starts here */
option = line;
while(*line && !isspace((int)*line) && !isseparator(*line))
while(*line && !ISSPACE(*line) && !ISSEP(*line))
line++;
/* ... and has ended here */
@ -2499,7 +2499,7 @@ static int parseconfig(const char *filename,
#endif
/* pass spaces and separator(s) */
while(*line && (isspace((int)*line) || isseparator(*line)))
while(*line && (ISSPACE(*line) || ISSEP(*line)))
line++;
/* the parameter starts here (unless quoted) */
@ -2544,7 +2544,7 @@ static int parseconfig(const char *filename,
}
else {
param=line; /* parameter starts here */
while(*line && !isspace((int)*line))
while(*line && !ISSPACE(*line))
line++;
*line=0; /* zero terminate */
}
@ -2852,7 +2852,8 @@ convert_from_network(char *buffer, size_t length)
}
static
char convert_char(curl_infotype infotype, char this_char) {
char convert_char(curl_infotype infotype, char this_char)
{
/* determine how this specific character should be displayed */
switch(infotype) {
case CURLINFO_DATA_IN:
@ -2863,24 +2864,25 @@ char convert_char(curl_infotype infotype, char this_char) {
if ((this_char >= 0x20) && (this_char < 0x7f)) {
/* printable ASCII hex value: convert to host encoding */
convert_from_network(&this_char, 1);
} else {
}
else {
/* non-printable ASCII, use a replacement character */
return(UNPRINTABLE_CHAR);
return UNPRINTABLE_CHAR;
}
/* fall through to default */
default:
/* treat as host encoding */
if (isprint(this_char)
&& (this_char != '\t')
&& (this_char != '\r')
&& (this_char != '\n')) {
if (ISPRINT(this_char)
&& (this_char != '\t')
&& (this_char != '\r')
&& (this_char != '\n')) {
/* printable characters excluding tabs and line end characters */
return(this_char);
return this_char;
}
break;
}
/* non-printable, use a replacement character */
return(UNPRINTABLE_CHAR);
return UNPRINTABLE_CHAR;
}
#endif /* CURL_DOES_CONVERSIONS */

View File

@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -184,4 +184,16 @@ int fileno( FILE *stream);
#define strdup(ptr) curlx_strdup(ptr)
#endif
#ifndef ISSPACE
/* typecasting craze to avoid negative number inputs to these macros */
/* copied from lib/setup.h */
#define ISSPACE(x) (isspace((int)((unsigned char)x)))
#define ISDIGIT(x) (isdigit((int)((unsigned char)x)))
#define ISALNUM(x) (isalnum((int)((unsigned char)x)))
#define ISXDIGIT(x) (isxdigit((int)((unsigned char)x)))
#define ISGRAPH(x) (isgraph((int)((unsigned char)x)))
#define ISALPHA(x) (isalpha((int)((unsigned char)x)))
#define ISPRINT(x) (isprint((int)((unsigned char)x)))
#endif
#endif /* __SRC_CURL_SETUP_H */

View File

@ -177,7 +177,7 @@ static GlobCode glob_range(URLGlob *glob, char *pattern,
/* patterns 0,1,2,... correspond to size=1,3,5,... */
++glob->size;
if (isalpha((int)*pattern)) { /* character range detected */
if (ISALPHA(*pattern)) { /* character range detected */
char min_c;
char max_c;
@ -205,7 +205,7 @@ static GlobCode glob_range(URLGlob *glob, char *pattern,
pat->content.CharRange.ptr_c = pat->content.CharRange.min_c = min_c;
pat->content.CharRange.max_c = max_c;
}
else if (isdigit((int)*pattern)) { /* numeric range detected */
else if (ISDIGIT(*pattern)) { /* numeric range detected */
int min_n;
int max_n;
@ -229,9 +229,11 @@ static GlobCode glob_range(URLGlob *glob, char *pattern,
if (*pattern == '0') { /* leading zero specified */
c = pattern;
while (isdigit((int)*c++))
while (ISDIGIT(*c)) {
c++;
++pat->content.NumRange.padlength; /* padding length is set for all
instances of this pattern */
}
}
}
@ -498,7 +500,7 @@ char *glob_match_url(char *filename, URLGlob *glob)
return NULL; /* major failure */
while (*filename) {
if (*filename == '#' && isdigit((int)filename[1])) {
if (*filename == '#' && ISDIGIT(filename[1])) {
unsigned long i;
char *ptr = filename;
unsigned long num = strtoul(&filename[1], &filename, 10);