https://bugs.openldap.org/show_bug.cgi?id=9668
Issue ID: 9668
Summary: undefined behavior for isdigit in tls2.c
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: libraries
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
tls2.c says:
> isdigit( *c )
This invokes undefined behavior if someone manages to pass a non-ASCII
character. Depending on the platform, the process may crash or wrongly classify
the host name as either numeric or non-numeric.
While here, I noticed that both sni and c have type 'char *', but they should
rather be 'const char *'. Was there a specific reason to suggest to the reader
the host name would be modifiable?
--
You are receiving this mail because:
You are on the CC list for the issue.
