https://bugs.openldap.org/show_bug.cgi?id=9668
Issue ID: 9668
Summary: undefined behavior for isdigit in tls2.c
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs@openldap.org
Reporter: roland.illig@gmx.de
Target Milestone: ---
tls2.c says:
isdigit( *c )
This invokes undefined behavior if someone manages to pass a non-ASCII character. Depending on the platform, the process may crash or wrongly classify the host name as either numeric or non-numeric.
While here, I noticed that both sni and c have type 'char *', but they should rather be 'const char *'. Was there a specific reason to suggest to the reader the host name would be modifiable?
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |needs_review
Howard Chu hyc@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |TEST
             Status|UNCONFIRMED                 |RESOLVED
--- Comment #1 from Howard Chu hyc@openldap.org ---
(In reply to roland.illig from comment #0)
> tls2.c says:
>
> isdigit( *c )
>
> This invokes undefined behavior if someone manages to pass a non-ASCII character.

Thanks, fixed in git master.

> Depending on the platform, the process may crash

BSD-derived libc's have always handled negative values here.

> or wrongly classify the host name as either numeric or non-numeric.

Wrongly classifying is clearly not possible, as non-ASCII chars are all non-digits.

> While here, I noticed that both sni and c have type 'char *', but they should rather be 'const char *'. Was there a specific reason to suggest to the reader the host name would be modifiable?

No reason.
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|needs_review                |
   Target Milestone|---                         |2.5.8
           Assignee|bugs@openldap.org           |hyc@openldap.org
--- Comment #2 from Quanah Gibson-Mount quanah@openldap.org ---
Commits:
• 6c0dc993 by Howard Chu at 2021-09-06T21:14:21+01:00
  ITS#9668 ldap_int_tls_connect: isdigit() requires unsigned char
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|TEST                        |FIXED
--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org ---
RE25:
• 66fc4781 by Howard Chu at 2021-09-07T16:13:05+00:00
  ITS#9668 ldap_int_tls_connect: isdigit() requires unsigned char
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |VERIFIED
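The pattern named in the commit subject above (isdigit() requires unsigned char), combined with the const char * point from comment #0, as an added example that is not OpenLDAP's code. The functions host_is_numeric, is_digit_byte and count_high_bytes, the digits-and-dots rule and the sample host names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* The <ctype.h> functions take an int that must be EOF or representable
 * as unsigned char, so convert the byte before the call. */
static int is_digit_byte(char ch)
{
    return isdigit((unsigned char)ch) != 0;
}

/* Hypothetical classifier (assumed rule, not the logic in tls2.c):
 * returns 1 when host holds only digits and dots with at least one digit,
 * 0 otherwise. The string is only read, hence const char *. */
int host_is_numeric(const char *host)
{
    const char *c;
    int digits = 0;
    if (host == NULL || *host == '\0')
        return 0;
    for (c = host; *c != '\0'; c++) {
        if (is_digit_byte(*c))
            digits++;
        else if (*c != '.')
            return 0;
    }
    return digits > 0;
}

/* Counts bytes above 0x7f: with signed char, isdigit(*c) gets these as negative ints. */
size_t count_high_bytes(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++)
        if ((unsigned char)*s > 0x7f)
            n++;
    return n;
}

int main(void)
{
    /* Constructed inputs; the third holds the UTF-8 bytes 0xc3 0xbc. */
    const char *samples[] = { "192.0.2.10", "ldap.example.com",
                              "b\xc3\xbc" "cher.example" };
    for (size_t i = 0; i < 3; i++)
        printf("%-20s numeric=%d high_bytes=%zu\n", samples[i],
               host_is_numeric(samples[i]), count_high_bytes(samples[i]));
    return 0;
}
```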