From a1df06b36347a31c17d09e6ca3e1464bdf7eb4d5 Mon Sep 17 00:00:00 2001
From: Pauli <paul.dale@oracle.com>
Date: Mon, 21 Aug 2017 07:19:17 +1000
Subject: This has been added to avoid the situation where some host ctype.h
 functions return true for characters > 127.  I.e. they are allowing extended
 ASCII characters through which then cause problems.  E.g. marking superscript
 '2' as a number then causes the common (ch - '0') conversion to number to
 fail miserably.  Likewise letters with diacritical marks can also cause
 problems.

If a non-ASCII character set is being used (currently only EBCDIC), it is
adjusted for.

The implementation uses a single table with a bit for each of the defined
classes.  These functions accept an int argument and fail for
values out of range or for characters outside of the ASCII set.  They will
work for both signed and unsigned character inputs.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4102)
---
 crypto/pem/pem_lib.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

(limited to 'crypto/pem')

diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 309545b04d..97b8a0d7c0 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include <ctype.h>
+#include "internal/ctype.h"
 #include <string.h>
 #include "internal/cryptlib.h"
 #include <openssl/buffer.h>
@@ -683,9 +683,6 @@ int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
 #endif
 
 /* Some helpers for PEM_read_bio_ex(). */
-
-#define isb64(c) (isalnum(c) || (c) == '+' || (c) == '/' || (c) == '=')
-
 static int sanitize_line(char *linebuf, int len, unsigned int flags)
 {
     int i;
@@ -698,7 +695,8 @@ static int sanitize_line(char *linebuf, int len, unsigned int flags)
         len++;
     } else if (flags & PEM_FLAG_ONLY_B64) {
         for (i = 0; i < len; ++i) {
-            if (!isb64(linebuf[i]) || linebuf[i] == '\n' || linebuf[i] == '\r')
+            if (!ossl_isbase64(linebuf[i]) || linebuf[i] == '\n'
+                || linebuf[i] == '\r')
                 break;
         }
         len = i;
@@ -708,7 +706,7 @@ static int sanitize_line(char *linebuf, int len, unsigned int flags)
         for (i = 0; i < len; ++i) {
             if (linebuf[i] == '\n' || linebuf[i] == '\r')
                 break;
-            if (iscntrl(linebuf[i]))
+            if (ossl_iscntrl(linebuf[i]))
                 linebuf[i] = ' ';
         }
         len = i;
-- 
cgit v1.2.3