| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210319001415.8928-1-hyunji_hong@korea.ac.kr>
Date: Fri, 19 Mar 2021 09:14:15 +0900
From: hyunji-Hong <onlygod0807@...il.com>
To: acme@...hat.com
Cc: linux-kernel@...r.kernel.org
Subject: [PATCH] Tools: lib: string: Fix isspace() parameter to avoid undefined behavior
isspace() could be vulnerable in terms of unpredictable results. So, the parameter of the isspace() should be cast with 'unsigned int'. We found out that information through these sites. (Microsoft, Stack Overflow)
url: [https://docs.microsoft.com/en-us/cpp/code-quality/c6328?view=msvc-160]
url: [https://stackoverflow.com/questions/122721]
Signed-off-by: SeungHoon Woo, Hyunji Hong, Kyeongseok Yang <hyunji_hong@...ea.ac.kr>
---
tools/lib/string.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/lib/string.c b/tools/lib/string.c
index 8b6892f959ab..7d01be5cdcf8 100644
--- a/tools/lib/string.c
+++ b/tools/lib/string.c
@@ -123,7 +123,7 @@ size_t __weak strlcpy(char *dest, const char *src, size_t size)
*/
char *skip_spaces(const char *str)
{
- while (isspace(*str))
+ while (isspace((unsigned char)*str))
++str;
return (char *)str;
}
@@ -146,7 +146,7 @@ char *strim(char *s)
return s;
end = s + size - 1;
- while (end >= s && isspace(*end))
+ while (end >= s && isspace((unsigned char)*end))
end--;
*(end + 1) = '\0';
--
2.17.1
Powered by blists - more mailing lists