cURL
Haxx ad
libcurl

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-library Mailing List Archives

isspace() usage in cookie.c

From: Harshal Pradhan <keeda_at_hotpop.com>
Date: Thu, 23 Sep 2004 18:45:58 +0530

Hi,

I am using curl 7.12.1 on windows (compiled with VC7.1).

With debug builds, some of my testcases that are sending cookies with
characters that have the high bit set are causing assertions in the C
runtime.

isspace() has an _ASSERTE((unsigned)(c + 1) <= 256)

And this fires when Curl_cookie_add() is stripping trailing whitespace.

Apparently, VC's isspace() has some table and this assert indicates that
there may be a out of bound access on it. I know that such kinds of
cookies are probably illegal. But I'd still rather have this fixed since
I want my application to be safe from possible strange and/or malicious
responses.

So, what is right solution in this particular case? And what kind of
patch would be accepted upstream? I think we are not really concerned
with locales etc. for this particular case and are only really looking
for the classical ASCII whitespaces, right?

I can shut it up by casting like so

    isspace((int)(unsigned char)what[len-1])

or doing something like

    (what[len-1] > 0) && isspace((int)what[len-1])

Or something else ..... Thoughts?

Harshal
Received on 2004-09-23

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET