Make sure that only ascii is passed to isfoo functions.

15 files changed, 66 insertions, 31 deletions

diff --git a/THANKS b/THANKS
index 432b15330..2a1eee61a 100644
--- a/THANKS
+++ b/THANKS
@@ -66,13 +66,14 @@ Frank Tobin		   [email protected]
 Gabriel Rosenkoetter	   [email protected]
 Ga�l Qu�ri		   [email protected]
 Gene Carter                [email protected]
+Geoff Keating		   [email protected]
 Georg Schwarz              [email protected]
 Giampaolo Tomassoni        [email protected]
 Gilbert Fernandes          [email protected]
 Greg Louis		   [email protected]
 Greg Troxel		   [email protected]
 Gregory Steuck		   [email protected]
-Geoff Keating		   [email protected]
+Gregery Barton             [email protected]
 Harald Denker		   [email protected]
 Holger Baust               [email protected]
 Hendrik Buschkamp	   [email protected]
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 8378f49c7..05725c02d 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,16 @@
+2003-06-07  Werner Koch  <[email protected]>
+
+	* g10.c (add_notation_data): Make sure that only ascii is passed
+	to iscntrl.  Noted by Christian Biere.
+	* getkey.c (classify_user_id2): Replaced isspace by spacep
+	* keygen.c (keygen_set_std_prefs): Likewise. Also for isdigit.
+	(ask_user_id): Ditto.
+	(get_parameter_algo): Ditto.
+	* keyedit.c (keyedit_menu): Ditto.
+	* tdbdump.c (import_ownertrust): Ditto.  s/isxdigit/hexdigitp/.
+	* revoke.c (ask_revocation_reason): 
+	* keyserver.c (keyserver_spawn): Dito.
+
 2003-06-04  David Shaw  <[email protected]>
 
 	* options.skel: Use new hkp://subkeys.pgp.net as sample keyserver
diff --git a/g10/g10.c b/g10/g10.c
index e4ab999c6..0a7b9dae9 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -2876,13 +2876,13 @@ add_notation_data( const char *string, int which )
     /* we only support printable text - therefore we enforce the use
      * of only printable characters (an empty value is valid) */
     for( s++; *s ; s++ ) {
-	if( iscntrl(*s) ) {
+	if ((*s & 0x80))
+          highbit = 1;
+	else if (iscntrl(*s)) {
 	    log_error(_("a notation value must not use "
 			"any control characters\n") );
 	    return;
 	}
-	else if( *s & 0x80 )
-	    highbit = 1;
     }
 
     if( highbit )   /* must use UTF8 encoding */
diff --git a/g10/getkey.c b/g10/getkey.c
index a8c87dbdc..cebaa4c5a 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -569,7 +569,7 @@ classify_user_id2( const char *name,
     memset (desc, 0, sizeof *desc);
     *force_exact = 0;
     /* skip leading spaces.  Fixme: what is with trailing spaces? */
-    for(s = name; *s && isspace(*s); s++ )
+    for(s = name; *s && spacep (s); s++ )
 	;
 
     switch (*s) {
@@ -650,7 +650,7 @@ classify_user_id2( const char *name,
             }
 
 	    /* check if a hexadecimal number is terminated by EOS or blank */
-	    if (hexlength && s[hexlength] && !isspace(s[hexlength])) {
+	    if (hexlength && s[hexlength] && !spacep(s+hexlength)) {
 		if (hexprefix)	    /* a "0x" prefix without correct */
 		    return 0;	    /* termination is an error */
 		else		    /* The first chars looked like */
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 903d62322..5a641ddbc 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -1100,7 +1100,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
 	    cmd = cmdLIST;
 	else if( *answer == CONTROL_D )
 	    cmd = cmdQUIT;
-	else if( isdigit( *answer ) ) {
+	else if( digitp(answer ) ) {
 	    cmd = cmdSELUID;
 	    arg_number = atoi(answer);
 	}
diff --git a/g10/keygen.c b/g10/keygen.c
index 48ff865e5..f8fecebcc 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -244,17 +244,17 @@ keygen_set_std_prefs (const char *string,int personal)
         string = "";
 
     for (s=string; *s; s = s2) {
-        if ((*s=='s' || *s == 'S') && isdigit(s[1]) ) {
+        if ((*s=='s' || *s == 'S') && digitp (s+1) ) {
             val = strtoul (++s, (char**)&s2, 10);
             if (set_one_pref (val, 'S', check_cipher_algo, sym, &nsym))
                 rc = -1;
         }
-        else if ((*s=='h' || *s == 'H') && isdigit(s[1]) ) {
+        else if ((*s=='h' || *s == 'H') && digitp (s+1) ) {
             val = strtoul (++s, (char**)&s2, 10);
             if (set_one_pref (val, 'H', check_digest_algo, hash, &nhash))
                 rc = -1;
         }
-        else if ((*s=='z' || *s == 'Z') && isdigit(s[1]) ) {
+        else if ((*s=='z' || *s == 'Z') && digitp (s+1) ) {
             val = strtoul (++s, (char**)&s2, 10);
             if (set_one_pref (val, 'Z', check_compress_algo, zip, &nzip))
                 rc = -1;
@@ -267,7 +267,7 @@ keygen_set_std_prefs (const char *string,int personal)
 	  mdc=0;
 	  s2=s+6;
 	}
-        else if (isspace (*s))
+        else if (spacep (s))
             s2 = s+1;
         else {
             log_info (_("invalid character in preference string\n"));
@@ -915,10 +915,10 @@ gen_rsa(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
 static int
 check_valid_days( const char *s )
 {
-    if( !isdigit(*s) )
+    if( !digitp(s) )
 	return 0;
     for( s++; *s; s++)
-	if( !isdigit(*s) )
+	if( !digitp(s) )
 	    break;
     if( !*s )
 	return 1;
@@ -1252,7 +1252,7 @@ ask_user_id( int mode )
 
 		if( strpbrk( aname, "<>" ) )
 		    tty_printf(_("Invalid character in name\n"));
-		else if( isdigit(*aname) )
+		else if( digitp(aname) )
 		    tty_printf(_("Name may not start with a digit\n"));
 		else if( strlen(aname) < 5 )
 		    tty_printf(_("Name must be at least 5 characters long\n"));
@@ -1522,7 +1522,7 @@ get_parameter_algo( struct para_data_s *para, enum para_name key )
     struct para_data_s *r = get_parameter( para, key );
     if( !r )
 	return -1;
-    if( isdigit( *r->u.value ) )
+    if( digitp( r->u.value ) )
 	i = atoi( r->u.value );
     else
         i = string_to_pubkey_algo( r->u.value );
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 4be8a1c68..6b7c91863 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -189,7 +189,7 @@ parse_keyserver_uri(char *uri,const char *configname,unsigned int configlineno)
 	  ch=opt.keyserver_port;
 	  while(*ch!='\0')
 	    {
-	      if(!isdigit(*ch))
+	      if(!digitp(ch))
 		return G10ERR_BAD_URI;
 
 	      ch++;
@@ -569,7 +569,7 @@ keyserver_spawn(int action,STRLIST list,
 
       /* remove trailing whitespace */
       plen=strlen(ptr);
-      while(plen>0 && isspace(ptr[plen-1]))
+      while(plen>0 && spacep(ptr+plen-1))
 	plen--;
       plen[ptr]='\0';
 
diff --git a/g10/revoke.c b/g10/revoke.c
index 427fa0827..db73938e2 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -636,7 +636,7 @@ ask_revocation_reason( int key_rev, int cert_rev, int hint )
 	      return NULL; /* cancel */
 	    if( hint && !*answer )
 		n = hint;
-	    else if(!isdigit( *answer ) )
+	    else if(!digitp( answer ) )
  	        n = -1;
 	    else
 		n = atoi(answer);
diff --git a/g10/tdbdump.c b/g10/tdbdump.c
index cd46f1f5a..b5258a914 100644
--- a/g10/tdbdump.c
+++ b/g10/tdbdump.c
@@ -153,7 +153,7 @@ import_ownertrust( const char *fname )
 	    break; /* can't continue */
 	}
 	for(p = line; *p && *p != ':' ; p++ )
-	    if( !isxdigit(*p) )
+	    if( !hexdigitp(p) )
 		break;
 	if( *p != ':' ) {
 	    log_error_f(fname, _("error: missing colon\n") );
diff --git a/include/ChangeLog b/include/ChangeLog
index ef59953f4..390eb982b 100644
--- a/include/ChangeLog
+++ b/include/ChangeLog
@@ -1,3 +1,7 @@
+2003-06-07  Werner Koch  <[email protected]>
+
+	* util.h (hexdigitp,spacep,digitp): New.
+
 2003-05-21  David Shaw  <[email protected]>
 
 	* cipher.h, i18n.h, iobuf.h, memory.h, mpi.h, types.h, util.h:
diff --git a/include/util.h b/include/util.h
index 8803f6a84..eb1566712 100644
--- a/include/util.h
+++ b/include/util.h
@@ -260,6 +260,13 @@ int vasprintf ( char **result, const char *format, va_list args);
 #define wipememory2(_ptr,_set,_len) do { volatile char *_vptr=(volatile char *)(_ptr); size_t _vlen=(_len); while(_vlen) { *_vptr=(_set); _vptr++; _vlen--; } } while(0)
 #define wipememory(_ptr,_len) wipememory2(_ptr,0,_len)
 
+/*-- macros to replace ctype ones and avoid locale problems --*/
+#define spacep(p)   (*(p) == ' ' || *(p) == '\t')
+#define digitp(p)   (*(p) >= '0' && *(p) <= '9')
+#define hexdigitp(a) (digitp (a)                     \
+                      || (*(a) >= 'A' && *(a) <= 'F')  \
+                      || (*(a) >= 'a' && *(a) <= 'f'))
+
 /******* RISC OS stuff ***********/
 #ifdef __riscos__
 /* needed for strcasecmp() */
diff --git a/util/ChangeLog b/util/ChangeLog
index 76364a6ec..d676f2f57 100644
--- a/util/ChangeLog
+++ b/util/ChangeLog
@@ -1,3 +1,12 @@
+2003-06-07  Werner Koch  <[email protected]>
+
+	* iobuf.c (check_special_filename): Replaced is isdigit by digitp
+	to avoid passing negative values and potential locale problems.
+	Problem noted by Christian Biere.
+	* strgutil.c (strlwr,strcasecmp,strncasecmp): Make sure we don't
+	pass a negative value.
+	* miscutil.c (scan_isodatestr): Ditto.
+
 2003-05-21  David Shaw  <[email protected]>
 
 	* argparse.c, dotlock.c, fileutil.c, iobuf.c, miscutil.c,
@@ -1034,7 +1043,7 @@ Fri Feb 13 15:14:13 1998  Werner Koch  ([email protected])
 
 
 
- Copyright 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ Copyright 1998,1999,2000,2001,2002,2003 Free Software Foundation, Inc.
 
  This file is free software; as a special exception the author gives
  unlimited permission to copy and/or distribute it, with or without
@@ -1043,5 +1052,3 @@ Fri Feb 13 15:14:13 1998  Werner Koch  ([email protected])
  This file is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-
diff --git a/util/iobuf.c b/util/iobuf.c
index 7ce1aa529..723255e62 100644
--- a/util/iobuf.c
+++ b/util/iobuf.c
@@ -1032,7 +1032,7 @@ check_special_filename ( const char *fname )
         int i;
 
         fname += 2;
-        for (i=0; isdigit (fname[i]); i++ )
+        for (i=0; digitp (fname+i); i++ )
             ;
         if ( !fname[i] ) 
             return atoi (fname);
diff --git a/util/miscutil.c b/util/miscutil.c
index 42b2b3a88..b266d27d4 100644
--- a/util/miscutil.c
+++ b/util/miscutil.c
@@ -1,5 +1,5 @@
 /* miscutil.c -  miscellaneous utilities
- *	Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -56,11 +56,11 @@ scan_isodatestr( const char *string )
     if( strlen(string) != 10 || string[4] != '-' || string[7] != '-' )
 	return 0;
     for( i=0; i < 4; i++ )
-	if( !isdigit(string[i]) )
+	if( !digitp(string+i) )
 	    return 0;
-    if( !isdigit(string[5]) || !isdigit(string[6]) )
+    if( !digitp(string+5) || !digitp(string+6) )
 	return 0;
-    if( !isdigit(string[8]) || !isdigit(string[9]) )
+    if( !digitp(string+8) || !digitp(string+9) )
 	return 0;
     year = atoi(string);
     month = atoi(string+5);
diff --git a/util/strgutil.c b/util/strgutil.c
index e793fc1ce..05524d84d 100644
--- a/util/strgutil.c
+++ b/util/strgutil.c
@@ -1,5 +1,6 @@
 /* strgutil.c -  string utilities
- * Copyright (C) 1994, 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ * Copyright (C) 1994, 1998, 1999, 2000, 2001,
+ *               2003 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -825,7 +826,7 @@ strlwr(char *s)
 {
     char *p;
     for(p=s; *p; p++ )
-	*p = tolower(*p);
+	*p = tolower(*(unsigned char *)p);
     return s;
 }
 #endif
@@ -835,7 +836,8 @@ int
 strcasecmp( const char *a, const char *b )
 {
     for( ; *a && *b; a++, b++ ) {
-	if( *a != *b && toupper(*a) != toupper(*b) )
+	if( *a != *b
+            && toupper(*(const byte *)a) != toupper(*(const byte *)b) )
 	    break;
     }
     return *(const byte*)a - *(const byte*)b;
@@ -847,7 +849,8 @@ int
 strncasecmp( const char *a, const char *b, size_t n )
 {
     for( ; n && *a && *b; a++, b++, n--) {
-	if( *a != *b && toupper(*a) != toupper(*b) )
+	if( *a != *b
+            && toupper(*(const byte *)a) != toupper(*(const byte *)b) )
 	    break;
     }
     if (!n)