Callers used to check that the string was hex before calling hexchar().
Now callers must check for a -1 return value instead.
#include "missing.h"
#include "sudo_debug.h"
-#include "fatal.h"
+/*
+ * Converts a two-byte hex string to decimal.
+ * Returns the decimal value or -1 for invalid input.
+ */
int
hexchar(const char *s)
{
result[i] = 15;
break;
default:
- /* Should not happen. */
- fatalx("internal error, \\x%s not in proper hex format", s);
+ /* Invalid input. */
+ debug_return_int(-1);
}
}
debug_return_int((result[0] << 4) | result[1]);
# include <ndir.h>
# endif
#endif
-#include <ctype.h>
#include <pwd.h>
#include <grp.h>
#include <errno.h>
SHA2_CTX ctx;
FILE *fp;
unsigned int i;
+ int h;
debug_decl(digest_matches, SUDO_DEBUG_MATCH)
for (i = 0; digest_functions[i].digest_name != NULL; i++) {
if (strlen(sd->digest_str) == func->digest_len * 2) {
/* Convert the command digest from ascii hex to binary. */
for (i = 0; i < func->digest_len; i++) {
- if (!isxdigit((unsigned char)sd->digest_str[i + i]) ||
- !isxdigit((unsigned char)sd->digest_str[i + i + 1])) {
+ h = hexchar(&sd->digest_str[i + i]);
+ if (h == -1)
goto bad_format;
- }
- sudoers_digest[i] = hexchar(&sd->digest_str[i + i]);
+ sudoers_digest[i] = (unsigned char)h;
}
} else {
size_t len = base64_decode(sd->digest_str, sudoers_digest,
#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
# include <malloc.h>
#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
-#include <ctype.h>
#include <errno.h>
#include "sudoers.h"
fill_txt(const char *src, int len, int olen)
{
char *dst;
+ int h;
debug_decl(fill_txt, SUDO_DEBUG_PARSER)
dst = olen ? realloc(sudoerslval.string, olen + len + 1) : malloc(len + 1);
dst += olen;
while (len--) {
if (*src == '\\' && len) {
- if (src[1] == 'x' && len >= 3 &&
- isxdigit((unsigned char) src[2]) &&
- isxdigit((unsigned char) src[3])) {
- *dst++ = hexchar(src + 2);
+ if (src[1] == 'x' && len >= 3 && (h = hexchar(src + 2)) != -1) {
+ *dst++ = h;
src += 4;
len -= 3;
} else {
projects / sudo / commitdiff