Return-Path: <new-httpd-owner-new-httpd-archive=hyperreal.org@apache.org>
Delivered-To: new-httpd-archive@hyperreal.org
Received: (qmail 2236 invoked by uid 6000); 2 Apr 1999 19:29:27 -0000
Received: (qmail 2225 invoked from network); 2 Apr 1999 19:29:24 -0000
Received: from server.noc.demon.net (HELO noc.demon.net) (193.195.224.4)
  by taz.hyperreal.org with SMTP; 2 Apr 1999 19:29:24 -0000
Received: by noc.demon.net; id UAA28901; Fri, 2 Apr 1999 20:29:22 +0100 (BST)
Received: from fanf.noc.demon.net(195.11.55.83) by inside.noc.demon.net via
 smap (3.2)
	id xma028884; Fri, 2 Apr 99 20:29:20 +0100
Received: from fanf by fanf.noc.demon.net with local (Exim 1.73 #2)
	id 10T9cz-0001eC-00; Fri, 2 Apr 1999 20:29:18 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
From: Tony Finch <dot@dotat.at>
To: new-httpd@apache.org
Subject: [PATCH] signedness fixes
X-Mailer: VM 6.34 under Emacs 19.34.1
Message-Id: <E10T9cz-0001eC-00@fanf.noc.demon.net>
Date: Fri, 2 Apr 1999 20:29:18 +0100
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

Apache 1.3.6 compiles with a few gripes about signedness on my FreeBSD
box, so I made this patch. It's not really as clean as it could be
because I'm a bit reluctant to go into the guts of all the MD5 stuff.
IMO most of the unsignedness should be reserved for the guts of the
algorithm allowing everything else to pass around unadorned const char
*s and therefore getting rid of loads of casting.

Tony.
-- 
f.a.n.finch  dot@dotat.at  fanf@demon.net


Index: ap_md5c.c
===================================================================
RCS file: /a/cvsroot/src/www/apache_1-3_fanf/src/ap/ap_md5c.c,v
retrieving revision 1.1.1.1
retrieving revision 1.1.1.1.2.2
diff -u -r1.1.1.1 -r1.1.1.1.2.2
--- ap_md5c.c	1999/03/26 11:57:32	1.1.1.1
+++ ap_md5c.c	1999/04/02 19:03:39	1.1.1.1.2.2
@@ -429,7 +429,8 @@
     }
 }
 
-API_EXPORT(void) ap_MD5Encode(const char *pw, const char *salt,
+API_EXPORT(void) ap_MD5Encode(const unsigned char *pw,
+			      const unsigned char *salt,
 			      char *result, size_t nbytes)
 {
     /*
@@ -439,7 +440,7 @@
      */
 
     char passwd[120], *p;
-    const char *sp, *ep;
+    const unsigned char *sp, *ep;
     unsigned char final[16];
     int sl, pl, i;
     AP_MD5_CTX ctx, ctx1;
@@ -455,7 +456,7 @@
     /*
      * If it starts with the magic string, then skip that.
      */
-    if (!strncmp(sp, apr1_id, strlen(apr1_id))) {
+    if (!strncmp((const char *)sp, apr1_id, strlen(apr1_id))) {
 	sp += strlen(apr1_id);
     }
 
@@ -467,9 +468,10 @@
     }
 
     /*
-     * Get the length of the true salt
+     * Get the length of the true salt & password
      */
     sl = ep - sp;
+    pl = strlen((const char *)pw);
 
     /*
      * 'Time to make the doughnuts..'
@@ -479,12 +481,12 @@
     /*
      * The password first, since that is what is most unknown
      */
-    ap_MD5Update(&ctx, pw, strlen(pw));
+    ap_MD5Update(&ctx, pw, pl);
 
     /*
      * Then our magic string
      */
-    ap_MD5Update(&ctx, apr1_id, strlen(apr1_id));
+    ap_MD5Update(&ctx, (const unsigned char *)apr1_id, strlen(apr1_id));
 
     /*
      * Then the raw salt
@@ -495,12 +497,12 @@
      * Then just as many characters of the MD5(pw, salt, pw)
      */
     ap_MD5Init(&ctx1);
-    ap_MD5Update(&ctx1, pw, strlen(pw));
+    ap_MD5Update(&ctx1, pw, pl);
     ap_MD5Update(&ctx1, sp, sl);
-    ap_MD5Update(&ctx1, pw, strlen(pw));
+    ap_MD5Update(&ctx1, pw, pl);
     ap_MD5Final(final, &ctx1);
-    for(pl = strlen(pw); pl > 0; pl -= 16) {
-	ap_MD5Update(&ctx, final, (pl > 16) ? 16 : pl);
+    for(i = pl; i > 0; i -= 16) {
+	ap_MD5Update(&ctx, final, (i > 16) ? 16 : i);
     }
 
     /*
@@ -511,7 +513,7 @@
     /*
      * Then something really weird...
      */
-    for (i = strlen(pw); i != 0; i >>= 1) {
+    for (i = pl; i != 0; i >>= 1) {
 	if (i & 1) {
 	    ap_MD5Update(&ctx, final, 1);
 	}
@@ -525,7 +527,7 @@
      * can use the string routines without bounds checking.
      */
     strcpy(passwd, apr1_id);
-    strncat(passwd, sp, sl);
+    strncat(passwd, (const char *)sp, sl);
     strcat(passwd, "$");
 
     ap_MD5Final(final, &ctx);
@@ -538,7 +540,7 @@
     for (i = 0; i < 1000; i++) {
 	ap_MD5Init(&ctx1);
 	if (i & 1) {
-	    ap_MD5Update(&ctx1, pw, strlen(pw));
+	    ap_MD5Update(&ctx1, pw, pl);
 	}
 	else {
 	    ap_MD5Update(&ctx1, final, 16);
@@ -548,14 +550,14 @@
 	}
 
 	if (i % 7) {
-	    ap_MD5Update(&ctx1, pw, strlen(pw));
+	    ap_MD5Update(&ctx1, pw, pl);
 	}
 
 	if (i & 1) {
 	    ap_MD5Update(&ctx1, final, 16);
 	}
 	else {
-	    ap_MD5Update(&ctx1, pw, strlen(pw));
+	    ap_MD5Update(&ctx1, pw, pl);
 	}
 	ap_MD5Final(final,&ctx1);
     }
@@ -594,7 +596,8 @@
 	/*
 	 * The hash was created using our custom algorithm.
 	 */
-	ap_MD5Encode(passwd, hash, sample, sizeof(sample));
+	ap_MD5Encode((const unsigned char *)passwd, (const unsigned char *)hash,
+		     sample, sizeof(sample));
     }
     else {
 	/*
Index: ap_md5.h
===================================================================
RCS file: /a/cvsroot/src/www/apache_1-3_fanf/src/include/ap_md5.h,v
retrieving revision 1.1.1.3
retrieving revision 1.1.1.3.2.1
diff -u -r1.1.1.3 -r1.1.1.3.2.1
--- ap_md5.h	1999/03/26 11:57:52	1.1.1.3
+++ ap_md5.h	1999/04/02 18:56:26	1.1.1.3.2.1
@@ -108,7 +108,8 @@
 API_EXPORT(void) ap_MD5Update(AP_MD5_CTX * context, const unsigned char *input,
 			   unsigned int inputLen);
 API_EXPORT(void) ap_MD5Final(unsigned char digest[16], AP_MD5_CTX * context);
-API_EXPORT(void) ap_MD5Encode(const char *password, const char *salt,
+API_EXPORT(void) ap_MD5Encode(const unsigned char *password,
+			      const unsigned char *salt,
 			      char *result, size_t nbytes);
 API_EXPORT(char *) ap_validate_password(const char *passwd, const char *hash);
 
Index: util.c
===================================================================
RCS file: /a/cvsroot/src/www/apache_1-3_fanf/src/main/util.c,v
retrieving revision 1.12
retrieving revision 1.12.2.1
diff -u -r1.12 -r1.12.2.1
--- util.c	1999/03/26 12:42:34	1.12
+++ util.c	1999/04/02 18:56:28	1.12.2.1
@@ -1034,8 +1034,8 @@
  */
 API_EXPORT(const char *) ap_size_list_item(const char **field, int *len)
 {
-    const unsigned char *ptr = (const unsigned char *)*field;
-    const unsigned char *token;
+    const char *ptr = *field;
+    const char *token;
     int in_qpair, in_qstr, in_com;
 
     /* Find first non-comma, non-whitespace byte */
@@ -1083,7 +1083,7 @@
 	++ptr;
 
     *field = ptr;
-    return (const char *)token;
+    return token;
 }
 
 /* Retrieve an HTTP header field list item, as separated by a comma,
Index: util_md5.c
===================================================================
RCS file: /a/cvsroot/src/www/apache_1-3_fanf/src/main/util_md5.c,v
retrieving revision 1.1.1.2
retrieving revision 1.1.1.2.2.1
diff -u -r1.1.1.2 -r1.1.1.2.2.1
--- util_md5.c	1999/01/12 13:01:17	1.1.1.2
+++ util_md5.c	1999/04/02 18:56:29	1.1.1.2.2.1
@@ -114,7 +114,7 @@
 
 API_EXPORT(char *) ap_md5(pool *p, const unsigned char *string)
 {
-    return ap_md5_binary(p, string, strlen(string));
+    return ap_md5_binary(p, string, strlen((const char *)string));
 }
 
 /* these portions extracted from mpack, John G. Myers - jgm+@cmu.edu */
Index: htpasswd.c
===================================================================
RCS file: /a/cvsroot/src/www/apache_1-3_fanf/src/support/htpasswd.c,v
retrieving revision 1.1.1.2
retrieving revision 1.1.1.2.2.1
diff -u -r1.1.1.2 -r1.1.1.2.2.1
--- htpasswd.c	1999/03/26 12:00:03	1.1.1.2
+++ htpasswd.c	1999/04/02 18:56:30	1.1.1.2.2.1
@@ -247,7 +247,8 @@
 
     switch (alg) {
     case ALG_APMD5:
-	ap_MD5Encode(pw, salt, cpw, sizeof(cpw));
+	ap_MD5Encode((const unsigned char *)pw, (const unsigned char *)salt,
+		     cpw, sizeof(cpw));
 	break;
     case ALG_CRYPT:
 	ap_cpystrn(cpw, (char *)crypt(pw, salt), sizeof(cpw) - 1);