From ec0a2f2683d8bc2516bd683df4e6b7e37041d1ef Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Wed, 20 Sep 2023 16:41:00 -0400
Subject: [PATCH 1/2] Fix 'negative character value' In a number of libc implementations, isalpha()/isalnum() is implemented using lookup tables (arrays): passing in a negative value can result in a read underrun.
---
 src/conf.c | 2 +-
 wolfssl/test.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/conf.c b/src/conf.c
index c429a7b65..188d815cc 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -744,7 +744,7 @@ static char* expandValue(WOLFSSL_CONF *conf, const char* section,
 strIdx += 2;
 startIdx = strIdx;
 }
- while (*strIdx && (XISALNUM((int)(*strIdx)) || *strIdx == '_'))
+ while (*strIdx && (XISALNUM(*strIdx) || *strIdx == '_'))
 strIdx++;
 endIdx = strIdx;
 if (startIdx == endIdx) {
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 3400719ed..49debc9b6 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -1225,7 +1225,7 @@ static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
 #ifndef TEST_IPV6
 /* peer could be in human readable form */
- if ( ((size_t)peer != INADDR_ANY) && isalpha((int)peer[0])) {
+ if ( ((size_t)peer != INADDR_ANY) && isalpha(peer[0])) {
 #ifdef WOLFSSL_USE_POPEN_HOST
 char host_ipaddr[4] = { 127, 0, 0, 1 };
 int found = 1;
From 0925f8ab18052dc07f9d82f50f0ab3821084d9ca Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Tue, 17 Oct 2023 13:42:40 -0400
Subject: [PATCH 2/2] Use 'unsigned char'
---
 src/conf.c | 2 +-
 wolfssl/test.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/conf.c b/src/conf.c
index 188d815cc..cfc6085a4 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -744,7 +744,7 @@ static char* expandValue(WOLFSSL_CONF *conf, const char* section,
 strIdx += 2;
 startIdx = strIdx;
 }
- while (*strIdx && (XISALNUM(*strIdx) || *strIdx == '_'))
+ while (*strIdx && (XISALNUM((unsigned char)*strIdx) || *strIdx == '_'))
 strIdx++;
 endIdx = strIdx;
 if (startIdx == endIdx) {
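Review bot: Dropping the `(int)` cast in `XISALNUM(*strIdx)` (PATCH 1/2, src/conf.c) does not change the value that reaches the classifier: assuming `strIdx` is a `char *`, `*strIdx` is promoted to `int` either way, so on a signed-`char` platform a byte of 0x80 or above is still negative at this call. The same holds for `isalpha(peer[0])` in the wolfssl/test.h hunk of PATCH 1/2, where `peer` is visibly `const char*`. The read underrun described in the commit message is therefore only closed by PATCH 2/2; squashing the two patches would avoid a commit whose message claims the fix while the behaviour is unchanged. expandValue's body continues outside the hunk.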
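Review bot: The `(unsigned char)` cast in the `while` condition (PATCH 2/2, src/conf.c) carries no comment saying why it is needed, and PATCH 1/2 in this same series shows how readily a cast at this spot gets rewritten. A one-line comment above the loop would pin it, e.g. `/* ctype lookups need a value in unsigned char range; plain char may be negative */`, and the `isalpha((unsigned char)peer[0])` line in the wolfssl/test.h hunk of PATCH 2/2 could carry the same one. expandValue appears to parse configuration text, so the bytes classified here presumably come from file content rather than from the program itself. Only these two call sites are visible in the series; other ctype calls on plain `char` elsewhere in the tree would need the same cast. The function body starts and ends outside the hunk.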
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 49debc9b6..6882cc0b9 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -1225,7 +1225,7 @@ static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
 #ifndef TEST_IPV6
 /* peer could be in human readable form */
- if ( ((size_t)peer != INADDR_ANY) && isalpha(peer[0])) {
+ if ( ((size_t)peer != INADDR_ANY) && isalpha((unsigned char)peer[0])) {
 #ifdef WOLFSSL_USE_POPEN_HOST
 char host_ipaddr[4] = { 127, 0, 0, 1 };
 int found = 1;