httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: [PATCH] signedness fixes
Date Sat, 03 Apr 1999 11:10:39 GMT
I get neither of these warnigns on stock versions of 4-Current,
2.8-release 
and 3.1-release for the current CVS version. Tony, could you do check if the
problem is still there ?

Dw.

> Tony Finch wrote:
> >
> > Apache 1.3.6 compiles with a few gripes about signedness on my FreeBSD
> > box, so I made this patch. It's not really as clean as it could be
> > because I'm a bit reluctant to go into the guts of all the MD5 stuff.
> > IMO most of the unsignedness should be reserved for the guts of the
> > algorithm allowing everything else to pass around unadorned const char
> > *s and therefore getting rid of loads of casting.
> >
> > Tony.
> > --
> > f.a.n.finch  dot@dotat.at  fanf@demon.net
> >
> >
> > Index: ap_md5c.c
> > ===================================================================
> > RCS file: /a/cvsroot/src/www/apache_1-3_fanf/src/ap/ap_md5c.c,v
> > retrieving revision 1.1.1.1
> > retrieving revision 1.1.1.1.2.2
> > diff -u -r1.1.1.1 -r1.1.1.1.2.2
> > --- ap_md5c.c 1999/03/26 11:57:32     1.1.1.1
> > +++ ap_md5c.c 1999/04/02 19:03:39     1.1.1.1.2.2
> > @@ -429,7 +429,8 @@
> >      }
> >  }
> >
> > -API_EXPORT(void) ap_MD5Encode(const char *pw, const char *salt,
> > +API_EXPORT(void) ap_MD5Encode(const unsigned char *pw,
> > +                           const unsigned char *salt,
> >                             char *result, size_t nbytes)
> >  {
> >      /*
> > @@ -439,7 +440,7 @@
> >       */
> >
> >      char passwd[120], *p;
> > -    const char *sp, *ep;
> > +    const unsigned char *sp, *ep;
> >      unsigned char final[16];
> >      int sl, pl, i;
> >      AP_MD5_CTX ctx, ctx1;
> > @@ -455,7 +456,7 @@
> >      /*
> >       * If it starts with the magic string, then skip that.
> >       */
> > -    if (!strncmp(sp, apr1_id, strlen(apr1_id))) {
> > +    if (!strncmp((const char *)sp, apr1_id, strlen(apr1_id))) {
> >       sp += strlen(apr1_id);
> >      }
> >
> > @@ -467,9 +468,10 @@
> >      }
> >
> >      /*
> > -     * Get the length of the true salt
> > +     * Get the length of the true salt & password
> >       */
> >      sl = ep - sp;
> > +    pl = strlen((const char *)pw);
> >
> >      /*
> >       * 'Time to make the doughnuts..'
> > @@ -479,12 +481,12 @@
> >      /*
> >       * The password first, since that is what is most unknown
> >       */
> > -    ap_MD5Update(&ctx, pw, strlen(pw));
> > +    ap_MD5Update(&ctx, pw, pl);
> >
> >      /*
> >       * Then our magic string
> >       */
> > -    ap_MD5Update(&ctx, apr1_id, strlen(apr1_id));
> > +    ap_MD5Update(&ctx, (const unsigned char *)apr1_id, strlen(apr1_id));
> >
> >      /*
> >       * Then the raw salt
> > @@ -495,12 +497,12 @@
> >       * Then just as many characters of the MD5(pw, salt, pw)
> >       */
> >      ap_MD5Init(&ctx1);
> > -    ap_MD5Update(&ctx1, pw, strlen(pw));
> > +    ap_MD5Update(&ctx1, pw, pl);
> >      ap_MD5Update(&ctx1, sp, sl);
> > -    ap_MD5Update(&ctx1, pw, strlen(pw));
> > +    ap_MD5Update(&ctx1, pw, pl);
> >      ap_MD5Final(final, &ctx1);
> > -    for(pl = strlen(pw); pl > 0; pl -= 16) {
> > -     ap_MD5Update(&ctx, final, (pl > 16) ? 16 : pl);
> > +    for(i = pl; i > 0; i -= 16) {
> > +     ap_MD5Update(&ctx, final, (i > 16) ? 16 : i);
> >      }
> >
> >      /*
> > @@ -511,7 +513,7 @@
> >      /*
> >       * Then something really weird...
> >       */
> > -    for (i = strlen(pw); i != 0; i >>= 1) {
> > +    for (i = pl; i != 0; i >>= 1) {
> >       if (i & 1) {
> >           ap_MD5Update(&ctx, final, 1);
> >       }
> > @@ -525,7 +527,7 @@
> >       * can use the string routines without bounds checking.
> >       */
> >      strcpy(passwd, apr1_id);
> > -    strncat(passwd, sp, sl);
> > +    strncat(passwd, (const char *)sp, sl);
> >      strcat(passwd, "$");
> >
> >      ap_MD5Final(final, &ctx);
> > @@ -538,7 +540,7 @@
> >      for (i = 0; i < 1000; i++) {
> >       ap_MD5Init(&ctx1);
> >       if (i & 1) {
> > -         ap_MD5Update(&ctx1, pw, strlen(pw));
> > +         ap_MD5Update(&ctx1, pw, pl);
> >       }
> >       else {
> >           ap_MD5Update(&ctx1, final, 16);
> > @@ -548,14 +550,14 @@
> >       }
> >
> >       if (i % 7) {
> > -         ap_MD5Update(&ctx1, pw, strlen(pw));
> > +         ap_MD5Update(&ctx1, pw, pl);
> >       }
> >
> >       if (i & 1) {
> >           ap_MD5Update(&ctx1, final, 16);
> >       }
> >       else {
> > -         ap_MD5Update(&ctx1, pw, strlen(pw));
> > +         ap_MD5Update(&ctx1, pw, pl);
> >       }
> >       ap_MD5Final(final,&ctx1);
> >      }
> > @@ -594,7 +596,8 @@
> >       /*
> >        * The hash was created using our custom algorithm.
> >        */
> > -     ap_MD5Encode(passwd, hash, sample, sizeof(sample));
> > +     ap_MD5Encode((const unsigned char *)passwd, (const unsigned char *)hash,
> > +                  sample, sizeof(sample));
> >      }
> >      else {
> >       /*
> > Index: ap_md5.h
> > ===================================================================
> > RCS file: /a/cvsroot/src/www/apache_1-3_fanf/src/include/ap_md5.h,v
> > retrieving revision 1.1.1.3
> > retrieving revision 1.1.1.3.2.1
> > diff -u -r1.1.1.3 -r1.1.1.3.2.1
> > --- ap_md5.h  1999/03/26 11:57:52     1.1.1.3
> > +++ ap_md5.h  1999/04/02 18:56:26     1.1.1.3.2.1
> > @@ -108,7 +108,8 @@
> >  API_EXPORT(void) ap_MD5Update(AP_MD5_CTX * context, const unsigned char *input,
> >                          unsigned int inputLen);
> >  API_EXPORT(void) ap_MD5Final(unsigned char digest[16], AP_MD5_CTX * context);
> > -API_EXPORT(void) ap_MD5Encode(const char *password, const char *salt,
> > +API_EXPORT(void) ap_MD5Encode(const unsigned char *password,
> > +                           const unsigned char *salt,
> >                             char *result, size_t nbytes);
> >  API_EXPORT(char *) ap_validate_password(const char *passwd, const char *hash);
> >
> > Index: util.c
> > ===================================================================
> > RCS file: /a/cvsroot/src/www/apache_1-3_fanf/src/main/util.c,v
> > retrieving revision 1.12
> > retrieving revision 1.12.2.1
> > diff -u -r1.12 -r1.12.2.1
> > --- util.c    1999/03/26 12:42:34     1.12
> > +++ util.c    1999/04/02 18:56:28     1.12.2.1
> > @@ -1034,8 +1034,8 @@
> >   */
> >  API_EXPORT(const char *) ap_size_list_item(const char **field, int *len)
> >  {
> > -    const unsigned char *ptr = (const unsigned char *)*field;
> > -    const unsigned char *token;
> > +    const char *ptr = *field;
> > +    const char *token;
> >      int in_qpair, in_qstr, in_com;
> >
> >      /* Find first non-comma, non-whitespace byte */
> > @@ -1083,7 +1083,7 @@
> >       ++ptr;
> >
> >      *field = ptr;
> > -    return (const char *)token;
> > +    return token;
> >  }
> >
> >  /* Retrieve an HTTP header field list item, as separated by a comma,
> > Index: util_md5.c
> > ===================================================================
> > RCS file: /a/cvsroot/src/www/apache_1-3_fanf/src/main/util_md5.c,v
> > retrieving revision 1.1.1.2
> > retrieving revision 1.1.1.2.2.1
> > diff -u -r1.1.1.2 -r1.1.1.2.2.1
> > --- util_md5.c        1999/01/12 13:01:17     1.1.1.2
> > +++ util_md5.c        1999/04/02 18:56:29     1.1.1.2.2.1
> > @@ -114,7 +114,7 @@
> >
> >  API_EXPORT(char *) ap_md5(pool *p, const unsigned char *string)
> >  {
> > -    return ap_md5_binary(p, string, strlen(string));
> > +    return ap_md5_binary(p, string, strlen((const char *)string));
> >  }
> >
> >  /* these portions extracted from mpack, John G. Myers - jgm+@cmu.edu */
> > Index: htpasswd.c
> > ===================================================================
> > RCS file: /a/cvsroot/src/www/apache_1-3_fanf/src/support/htpasswd.c,v
> > retrieving revision 1.1.1.2
> > retrieving revision 1.1.1.2.2.1
> > diff -u -r1.1.1.2 -r1.1.1.2.2.1
> > --- htpasswd.c        1999/03/26 12:00:03     1.1.1.2
> > +++ htpasswd.c        1999/04/02 18:56:30     1.1.1.2.2.1
> > @@ -247,7 +247,8 @@
> >
> >      switch (alg) {
> >      case ALG_APMD5:
> > -     ap_MD5Encode(pw, salt, cpw, sizeof(cpw));
> > +     ap_MD5Encode((const unsigned char *)pw, (const unsigned char *)salt,
> > +                  cpw, sizeof(cpw));
> >       break;
> >      case ALG_CRYPT:
> >       ap_cpystrn(cpw, (char *)crypt(pw, salt), sizeof(cpw) - 1);
> >
> 
> --
> ===========================================================================
>    Jim Jagielski   |||   jim@jaguNET.com   |||   http://www.jaguNET.com/
>             "That's no ordinary rabbit... that's the most foul,
>             cruel and bad-tempered rodent you ever laid eyes on"

Mime
View raw message