[stunnel-users] safestring and safename insecure

Michal Trojnara Michal.Trojnara at mobi-com.net
Thu Aug 24 15:59:10 CEST 2006

On 2006-08-24, at 10:11, Hans Werner Strube wrote:
> The macros safestring and safename in common.h are insecure if called
> for a character with high bit set, because (int)*p will sign-extend the
> byte on machines where char is signed. Possible patch (here for 
> safestring;
> for safename correspondingly with isprint -> isalnum):
> do {char *p; for(p=(s); *p; p++) if(!isprint((int)*(unsigned char 
> *)p)) *p='.';} while(0)

Assuming on some systems isprint(x) != isprint(x&0xff): any idea how to 
exploit this "insecure" code?

BTW: At least on Linux and Mac OS X isprint() returns 0 in both cases.

#include <stdio.h>
#include <ctype.h>

int main() {
     char x='a'|0x80;
     int y=x;
     int z=(unsigned char)x;
     printf("%d %d %d %d\n", y, z, isprint(y), isprint(z));
     return 0;

Best regards,

More information about the stunnel-users mailing list