On Wed, Jan 07, 2015 at 09:37:08AM +0100, Gilles Chehade wrote: > On Tue, Jan 06, 2015 at 07:24:45PM +0100, Jonas 'Sortie' Termansen wrote: > > On 01/06/2015 12:11 PM, Gilles Chehade wrote: > > > Index: smtp_session.c > > > =================================================================== > > > RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v > > > retrieving revision 1.221 > > > diff -u -p -r1.221 smtp_session.c > > > --- smtp_session.c 17 Dec 2014 15:49:23 -0000 1.221 > > > +++ smtp_session.c 5 Jan 2015 22:36:55 -0000 > > > @@ -315,7 +315,9 @@ header_append_domain_buffer(char *buffer > > > has_domain = 1; > > > if (buffer[i] == ':' && !escape && !comment && !quote) > > > has_group = 1; > > > - if (! isspace(buffer[i])) > > > + > > > + /* update insert point if not in comment and not on a > > > whitespace */ > > > + if (!comment && buffer[i] != ')' && !isspace((int)buffer[i])) > > > > This isspace call looks wrong, and looking at the source, so does nearby > > isspace calls. The argument to isspace() must be EOF or representable as > > an unsigned char; otherwise, the result is undefined. However, char is > > signed on some platforms, and buffer is a char pointer here, meaning > > out-of-range values might be passed. Casting to an int just sign extends > > the potential negative values, rather than mapping them to the high > > unsigned char values. The callers should be changed to the pattern > > isspace((unsigned char)buffer[i]) instead. > > > > > pos_component = i; > > > } > > > > as replied to your cc: offlist, you're right, i also spotted a few > others, i'll fix them today, thanks ! >
committed the diff, then a fix for this cast and the two or three that were around it. i had a look at other uses of ctype functions to check if there were int casts but these were the only ones. thanks ;-) -- Gilles Chehade https://www.poolp.org @poolpOrg
