[stunnel-users] safestring and safename insecure

Hans Werner Strube strube at physik3.gwdg.de
Thu Aug 24 16:54:09 CEST 2006

Michal Trojnara wrote:
> Assuming on some systems isprint(x) != isprint(x&0xff): any idea how to 
> exploit this "insecure" code?
> BTW: At least on Linux and Mac OS X isprint() returns 0 in both cases.

The same holds for Solaris. I did not actually encounter an error but just
got the idea that something may be insecure here by looking at the lines.
After all, isprint etc. are often table-based macros without range-checking
the argument. And "man isprint" clearly says that the character is unsigned:
  The macro isascii() is defined on all  integer  values;  the
  rest  are  defined  only  where  the argument is an int, the
  value of which is representable as an unsigned char, or EOF,
  These  functions  check  whether  c,  which  must  have the value of an
  unsigned char or EOF, falls into a certain character class according to
  the current locale.

More information about the stunnel-users mailing list