Date: Fri, 06 Apr 2001 12:34:44 +1000
From: Peter Jeremy
Subject: Re: ntpd patch
To: Matt Dillon
Cc: Brian Somers, security@FreeBSD.ORG

On 2001-Apr-05 17:56:12 -0700, Matt Dillon wrote:
> The cast to unsigned char simply ensures that when the character is
> expanded to an integer in the procedure call, it is not converted
> into a negative number.
>
> Now, I don't think FreeBSD cares about this at all.

Having looked at the actual macro expansions a day or so ago... If you
pass a negative number to any of the isXXX() macros, you get a result of 0.
This means that it is safe to pass a char to isXXX(), but the result
may be incorrect for locales other than `c'.

The domain of isXXX() is restricted to values representable as
unsigned char and EOF - i.e. [-1..255] for most implementations.
Traditionally, isXXX() was commonly implemented as:

    extern some_int_type _ctype[257];
    #define isXXX(c) (_ctype[(c)+1] & _CTYPE_XXX)

which is undefined for values outside the allowable domain. FreeBSD
adds range checking and returns 0 instead of de-referencing random
memory in this case. FreeBSD also has some inline function wrappers
so that the "char used as a subscript" warning is masked (which is
probably unfortunate in this case).

> This is just common sense, really. How generic do we want the code
> to be? It certainly doesn't hurt.

In this case, there's no reason not to do it correctly - which means
using something like "isspace((unsigned char)(*(tp-1)))". (My
preference would be "isspace((unsigned char)tp[-1])", but that is just
cosmetic).

Peter
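
Added example, not part of the original message and not FreeBSD's source: a constructed 257-entry table laid out as described above, showing why a high-bit char passed uncast falls outside [-1..255], and what a range-checked lookup returns for it with and without the (unsigned char) cast. The names my_ctype, MY_SPACE and the helper functions are hypothetical, and the table assumes a Latin-1 style locale in which 0xA0 counts as whitespace.

```c
#include <stdio.h>

/* Constructed stand-in for the traditional table: slot 0 is EOF (-1),
 * slots 1..256 hold unsigned char values 0..255. Assumes a Latin-1
 * style locale where 0xA0 (no-break space) is whitespace. */
#define MY_SPACE 0x01 /* hypothetical flag bit */
static const unsigned char my_ctype[257] = {
    [' ' + 1] = MY_SPACE,  ['\t' + 1] = MY_SPACE, ['\n' + 1] = MY_SPACE,
    ['\v' + 1] = MY_SPACE, ['\f' + 1] = MY_SPACE, ['\r' + 1] = MY_SPACE,
    [0xA0 + 1] = MY_SPACE,
};

/* Index the traditional macro computes: _ctype[(c)+1]. */
static int table_index(int c) { return c + 1; }

/* Is c inside the domain given in the message, [-1..255]? */
static int in_domain(int c) { return c >= -1 && c <= 255; }

/* Range-checked lookup in the style the message describes for FreeBSD:
 * out-of-domain input yields 0 instead of an out-of-bounds read. */
static int checked_isspace(int c)
{
    if (!in_domain(c))
        return 0;
    return (my_ctype[table_index(c)] & MY_SPACE) != 0;
}

/* Caller passing a signed char straight through, as in isspace(*p). */
static int classify_uncast(signed char ch) { return checked_isspace(ch); }

/* Caller using the cast recommended in the message. */
static int classify_cast(signed char ch)
{
    return checked_isspace((unsigned char)ch);
}

int main(void)
{
    signed char ch = -96; /* constructed input: byte 0xA0 in a signed char */
    printf("uncast: value %d, index %d, in domain %d, isspace %d\n",
           ch, table_index(ch), in_domain(ch), classify_uncast(ch));
    printf("cast:   value %d, index %d, in domain %d, isspace %d\n",
           (unsigned char)ch, table_index((unsigned char)ch),
           in_domain((unsigned char)ch), classify_cast(ch));
    return 0;
}
```

Without the range check, the uncast call would index the table at -95, which is the undefined read the message refers to; with it, the call is memory-safe but misclassifies the character.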