33e5f859b9
since 1.24 see file NEWS in the distfile. Security fixes since 1.24: * Fix crash when processing crafted commands (CVE-2012-4502) (possible with IP addresses allowed by cmdallow and localhost) * Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc) Reviewed by: Joerg Sonnenberger <joerg@netbsd.org>
34 lines
934 B
Text
34 lines
934 B
Text
$NetBSD: patch-ab,v 1.5 2013/08/16 08:30:20 hannken Exp $
|
|
|
|
The ctype functions work on integers.
|
|
|
|
--- cmdparse.c.orig 2013-08-08 13:58:07.000000000 +0000
|
|
+++ cmdparse.c
|
|
@@ -203,7 +203,7 @@ CPS_NormalizeLine(char *line)
|
|
|
|
/* Remove white-space at beginning and replace white-spaces with space char */
|
|
for (p = q = line; *p; p++) {
|
|
- if (isspace(*p)) {
|
|
+ if (isspace((unsigned char)(*p))) {
|
|
if (!space)
|
|
*q++ = ' ';
|
|
space = 1;
|
|
@@ -233,15 +233,15 @@ CPS_SplitWord(char *line)
|
|
char *p = line, *q = line;
|
|
|
|
/* Skip white-space before the word */
|
|
- while (*q && isspace(*q))
|
|
+ while (*q && isspace((unsigned char)(*q)))
|
|
q++;
|
|
|
|
/* Move the word to the beginning */
|
|
- while (*q && !isspace(*q))
|
|
+ while (*q && !isspace((unsigned char)(*q)))
|
|
*p++ = *q++;
|
|
|
|
/* Find the next word */
|
|
- while (*q && isspace(*q))
|
|
+ while (*q && isspace((unsigned char)(*q)))
|
|
q++;
|
|
|
|
*p = '\0';
|