Hi,
I noticed many ctype functions (such as isalpha, isdigit, tolower) are cast to
unsigned char in httpd. This patch changes it also for one remaining check.
I'm not sure the cast is neccessary on OpenBSD, but it is undefined behaviour I
think as described in the man page isalpha(3):
"CAVEATS
The argument c must be EOF or representable as an unsigned char;
otherwise, the result is undefined."
POSIX (http://pubs.opengroup.org/onlinepubs/9699919799/functions/isalpha.html)
also says:
"The c argument is an int, the value of which the application shall ensure is
representable as an unsigned char or equal to the value of the macro EOF. If
the argument has any other value, the behavior is undefined."
I've also tested this on other OS's. For example on NetBSD it does matter there
in the inline vs non-inlined ctype functions.
Patch below:
diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c
index 1f1a03d06e2..b79ebd35932 100644
--- a/usr.sbin/httpd/server_http.c
+++ b/usr.sbin/httpd/server_http.c
@@ -220,7 +220,7 @@ server_read_http(struct bufferevent *bev, void *arg)
if (!clt->clt_line) {
/* Peek into the buffer to see if it looks like HTTP */
key = EVBUFFER_DATA(src);
- if (!isalpha(*key)) {
+ if (!isalpha((unsigned char)*key)) {
server_abort_http(clt, 400,
"invalid request line");
goto abort;
--
Kind regards,
Hiltjo