[stunnel-users] safestring and safename insecure

• Previous message (by thread): [stunnel-users] Re: Stunnel Crash: Gmail SMTP over TLS
• Next message (by thread): [stunnel-users] safestring and safename insecure
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The macros safestring and safename in common.h are insecure if called
for a character with high bit set, because (int)*p will sign-extend the
byte on machines where char is signed. Possible patch (here for safestring;
for safename correspondingly with isprint -> isalnum):

do {char *p; for(p=(s); *p; p++) if(!isprint((int)*(unsigned char *)p)) *p='.';} while(0)

• Previous message (by thread): [stunnel-users] Re: Stunnel Crash: Gmail SMTP over TLS
• Next message (by thread): [stunnel-users] safestring and safename insecure
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]