This is an automated email from the ASF dual-hosted git repository.
chenBright pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brpc.git
The following commit(s) were added to refs/heads/master by this push:
new 291b6aaf Cast to unsigned char in ctype calls on untrusted request
bytes (#3335)
291b6aaf is described below
commit 291b6aafdcb59831ca88eaa4e6e3c3557fbf5d40
Author: sahvx655-wq <[email protected]>
AuthorDate: Sun Jun 14 10:05:11 2026 +0530
Cast to unsigned char in ctype calls on untrusted request bytes (#3335)
Signed-off-by: sahvx655-wq <[email protected]>
---
src/brpc/http_method.cpp | 2 +-
src/brpc/redis_command.cpp | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/brpc/http_method.cpp b/src/brpc/http_method.cpp
index b4f5fc43..c66ed33d 100644
--- a/src/brpc/http_method.cpp
+++ b/src/brpc/http_method.cpp
@@ -102,7 +102,7 @@ const char *HttpMethod2Str(HttpMethod method) {
}
bool Str2HttpMethod(const char* method_str, HttpMethod* method) {
- const char fc = ::toupper(*method_str);
+ const char fc = ::toupper(static_cast<unsigned char>(*method_str));
if (fc == 'G') {
if (strcasecmp(method_str + 1, /*G*/"ET") == 0) {
*method = HTTP_METHOD_GET;
diff --git a/src/brpc/redis_command.cpp b/src/brpc/redis_command.cpp
index cf1507b8..e22d35fc 100644
--- a/src/brpc/redis_command.cpp
+++ b/src/brpc/redis_command.cpp
@@ -451,7 +451,7 @@ RedisCommandConsumeState
RedisCommandParser::ConsumeImpl(butil::IOBuf& buf,
const auto first_arg = static_cast<char*>(arena->allocate(offset));
memcpy(first_arg, copy_str, offset);
for (size_t i = 0; i < offset; ++i) {
- first_arg[i] = tolower(first_arg[i]);
+ first_arg[i] = tolower(static_cast<unsigned char>(first_arg[i]));
}
_args.push_back(butil::StringPiece(first_arg, offset));
if (offset == crlf_pos) {
@@ -555,7 +555,7 @@ RedisCommandConsumeState
RedisCommandParser::ConsumeImpl(butil::IOBuf& buf,
if (_index == 0) {
// convert it to lowercase when it is command name
for (int i = 0; i < len; ++i) {
- d[i] = ::tolower(d[i]);
+ d[i] = ::tolower(static_cast<unsigned char>(d[i]));
}
}
char crlf[2];
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
