From owner-freebsd-security  Thu Apr  5 17:56:50 2001
Delivered-To: freebsd-security@freebsd.org
Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67])
	by hub.freebsd.org (Postfix) with ESMTP id 69BF237B424
	for <security@FreeBSD.ORG>; Thu,  5 Apr 2001 17:56:47 -0700 (PDT)
	(envelope-from dillon@earth.backplane.com)
Received: (from dillon@localhost)
	by earth.backplane.com (8.11.2/8.9.3) id f360uCN35967;
	Thu, 5 Apr 2001 17:56:12 -0700 (PDT)
	(envelope-from dillon)
Date: Thu, 5 Apr 2001 17:56:12 -0700 (PDT)
From: Matt Dillon <dillon@earth.backplane.com>
Message-Id: <200104060056.f360uCN35967@earth.backplane.com>
To: Brian Somers <brian@Awfulhak.org>
Cc: "Andrey A. Chernov" <ache@nagual.pp.ru>,
	Mark.Andrews@nominum.com, Chris Byrnes <chris@jeah.net>,
	security@FreeBSD.ORG, brian@Awfulhak.org
Subject: Re: ntpd patch 
References:  <200104060033.f360XfP03505@hak.lan.Awfulhak.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

    The issue here is that 'tp' is a 'char' type, which may be signed
    by default (e.g. on IA32 it is signed).  If you pass a signed char
    to a ctype macro/function taking an int, any character >= 0x80 will be
    turned into a negative number when it is expanded to an integer.

    The cast to unsigned char simply ensures that when the character is
    expanded to an integer in the procedure call, it is not converted
    into a negative number.

    Now, I don't think FreeBSD cares about this at all.  However, many
    older systems do care and it is just plain common sense to not pass
    a negative number to a ctype macro when you don't need to.  The last
    time I had to port a piece of software to a Solaris box (I don't remember
    what version it was running), with -Wall -Wstrict-prototypes, the
    solaris box complained mightily about passing a char to a ctype macro.

    This is just common sense, really.  How generic do we want the code
    to be?  It certainly doesn't hurt.

						-Matt

:> 
:> +		while (tp != buf && isspace((unsigned char)(*(tp-1))))
:> 
:> (int) cast is completely wrong and dangerous.
:
:$ man isspace
:.....
:SYNOPSIS
:     #include <ctype.h>
:
:     int
:     isspace(int c)
:.....
:
:I believe the int is correct.
:
:> -- 
:> Andrey A. Chernov
:> http://ache.pp.ru/
:
:-- 
:Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
:      <http://www.Awfulhak.org>                   <brian@[uk.]OpenBSD.org>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message