Skip to content
This repository was archived by the owner on Dec 1, 2018. It is now read-only.

Fix <ctype.h> arguments#58

Open
Sebbyastian wants to merge 274 commits intokristapsdz:masterfrom
Sebbyastian:patch-3
Open

Fix <ctype.h> arguments#58
Sebbyastian wants to merge 274 commits intokristapsdz:masterfrom
Sebbyastian:patch-3

Conversation

@Sebbyastian
Copy link

@Sebbyastian Sebbyastian commented Sep 9, 2018
edited
Loading

You need to ensure the arguments passed to <ctype.h> functions are unsigned char values or EOF. Casting to int makes no difference here; that conversion would've been implicitly performed anyway due to the type of the argument... what you need to do is cast to unsigned char.

If you need to understand why this is the case, consider that the argument for character type functions might be used as an index for an array... and negative values would cause negative indexes, leading to a situation where attackers might be able to bleed sensitive parts of program context.

kristaps added 30 commits May 15, 2016 11:48
Look again at the relinquishing of privilege. Move privilege-dropping
7ec1384 
before the pledge just for consistency.
Consistency in naming "Let's Encrypt".
86f45d6
Documents key bits.
bab2fe5
Catch error return code.
8109309
Add more documentation.
d48cff6
More documentation.
2d9941c
Properly catch when the challenge has been verified.
4b35ee6
Fix a segfault.
b9e9b61
Function attributes for messages.
f21cf92
Add forgotten waitpid for COMP_FILE and add some readops to make sure…
bbfe9e8 
… that

netproc failing doesn't cause short reads and exits.
Reduce the number of pledges in chngproc.
d37b038
Continue minimising the pledges.
8086e85
Drop privs in the correct order and make sure sys_signame is not used…
f134332 
… on Linux.
Linux compatibility.
9be9762
Fully demonstrate that chroot doesn't work on Linux for netproc.
defd48c
Catch __attribute__ warnings.
f7769cd
Documentation on Linux.
6150493
Fix for kristapsdz#1 posted by
c607a4c 
https://github.com/pozdnychev -- thanks!
Fix typo found by Anthony Bentley--thanks!
aa54c64
Initial check-in of a separate process for DNS management.
1a0c1c6
Add the dnsproc manager. This was noted by deraadt@. This does nothin…
c7fe54d 
…g but

looks up addresses as used by netproc.
Push the DNS resolution into one function for clarity.
fbb61dc 
Prune a lot of unused variables.
Fix an off-by-one and also fix closing the DNS file descriptor.
7d3bef6
Account key doesn't need read permissions.
8c5907e
Remove comment that no longer belongs.
d242836
We don't close any fds before the out, so don't check them against -1.
8a15b7b
Don't let the testing code make it out.
4e2e765
Clean up the README.
902ad76
Update notes on dnsproc.
2e35a5a
More documentation notes on why Linux and Mac OS X are a bad idea.
d029e6b
kristaps and others added 28 commits November 24, 2016 14:01
Add a fix for
233abc1 
kristapsdz/acme-client-portable#12 that pushes
the check for file pre-existence with -n and -N only into the main
process, stripping out the arguments before passing them to the child.
This fixes a race condition.
Final check-in for fork+exec fallout: have an extra argument, '-X', that
9e0c35c 
allows certain variables to be overriden.  This allows us to provide -nN
and have them properly be nullified by the child processes.
Disallow '-X' in parent process.
efbc294
Merge in OpenBSD's fix to the tls_close() function. And in doing so, …
afdffbe 
…back-

port that to the older API of libressl.
Force umask for creation of challenge file.
6c44c54
Add OCSP stapling support. Not tested yet.
fffcdf8
Add OCSP support to front-end.
4cf0d91
Expand on the external thumbprint idea, from kristapsdz/acme-client-p…
4538be8 
…ortable#13 .

This creates a triplet exported to the operator: challenge type, domain, and print.
Modified version of manpage update in kristapsdz/acme-client-portable#13
71fa0a3 
 .
Move key-generation message prior to action so that long-running task…
8cd6e10 
…s can

be noted approriately.  From kristapsdz#29 -- thanks!
Debug message before long-running action.
baefe84
Reduce using "Let's Encrypt" unless where applicable. (Future version…
e72cef3 
…s will

make this optional.)
Deprecate working with pre-5.9 OpenBSD. We should be using the most u…
44b9585 
…p to date

version of libressl out there.
Be more clear.
d1ba902
Fix a harmless error-exit found by Dimitris Papastamos---thanks!
ab6155c
Clarify that older OpenBSD isn't supported. You shouldn't be running …
f54440b 
…versions

as old as that.
Fix kristapsdz#31 --- thanks!
d496a6f
Move example configuration into the EXAMPLE section and include both …
d609cb3 
…nginx

and Apache (more to come).  Inspired by kristapsdz#32 --- thanks!
Add OpenBSD httpd(8) configuration.
b579218
Start moving operations (and configuration) into struct config.
52b8b8d
Move "force" into configuration.
fb2d049
Move "expand" and "backup" into configuration object.
1d20e1b
Move last "low-hanging fruit" config ops to configuration.
f9088e2
Bump copyright.
542f743
Move the choice of CA directory service into main.c and a config field.
eec809c
Move agreement URL into configuration as well.
09e5702
Move the challenge type into struct config.
aa252cc
@Sebbyastian
Fix <ctype.h> arguments
8c6326f 
You need to ensure the arguments passed to `<ctype.h>` functions are `unsigned char` values or `EOF`. Casting to `int` makes no difference here; that conversion would've been implicitly performed anyway due to the type of the function... what you need to do is cast to `unsigned char`.

If you need to understand why this is the case, consider that the argument for character type functions might be used as an index for an array... and negative values would cause negative indexes, leading to a situation where attackers might be able to bleed sensitive parts of program context.
@Sebbyastian
Copy link
Author

Sebbyastian commented Sep 9, 2018

While I'm on this function, a domain name is a list of labels, conventionally we separate those labels with periods... so the periods aren't really a part of the domain name per se. It's probably a bad idea to consider "..", "." and "" valid domain names.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Sebbyastian