Cast the argument to unsigned char when calling isdigit()

Fixes #21123

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21127)

diff --git a/apps/s_client.c b/apps/s_client.c
index 56497a9f2bdf80a33940f2a33e9b788c64eb6a72..534bb5cc66824f2e2f2139386cc8cd956fbf2375 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2466,7 +2466,7 @@ int s_client_main(int argc, char **argv)
             do {
                 mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
             }
-            while (mbuf_len > 3 && (!isdigit(mbuf[0]) || !isdigit(mbuf[1]) || !isdigit(mbuf[2]) || mbuf[3] != ' '));
+            while (mbuf_len > 3 && (!isdigit((unsigned char)mbuf[0]) || !isdigit((unsigned char)mbuf[1]) || !isdigit((unsigned char)mbuf[2]) || mbuf[3] != ' '));
             (void)BIO_flush(fbio);
             BIO_pop(fbio);
             BIO_free(fbio);

diff --git a/crypto/LPdir_unix.c b/crypto/LPdir_unix.c
index 5cc1186640026156ff66b850348b05e9b07f42e4..aa266c5979298291be4595f55a8792c19002858d 100644 (file)
--- a/crypto/LPdir_unix.c
+++ b/crypto/LPdir_unix.c
@@ -137,7 +137,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
     if ((*ctx)->expect_file_generations) {
         char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name);
 
-        while (p > (*ctx)->entry_name && isdigit(p[-1]))
+        while (p > (*ctx)->entry_name && isdigit((unsigned char)p[-1]))
             p--;
         if (p > (*ctx)->entry_name && p[-1] == ';')
             p[-1] = '\0';

diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c
index 15d7affb7d96ff947fa46b6c76ac84005ce08919..f87bd921d0177c5ee4d89a229756f92944b3145f 100644 (file)
--- a/engines/e_loader_attic.c
+++ b/engines/e_loader_attic.c
@@ -1470,9 +1470,9 @@ static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name)
      * Last, check that the rest of the extension is a decimal number, at
      * least one digit long.
      */
-    if (!isdigit(*p))
+    if (!isdigit((unsigned char)*p))
         return 0;
-    while (isdigit(*p))
+    while (isdigit((unsigned char)*p))
         p++;
 
 #ifdef __VMS

diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c
index 4895f4bc8f7d7aee895c73c18aced81f8cf2cdd9..bcc037c6d4f71ba3a654d5234e99a9ccb6124352 100644 (file)
--- a/providers/implementations/storemgmt/file_store.c
+++ b/providers/implementations/storemgmt/file_store.c
@@ -608,9 +608,9 @@ static int file_name_check(struct file_ctx_st *ctx, const char *name)
      * Last, check that the rest of the extension is a decimal number, at
      * least one digit long.
      */
-    if (!isdigit(*p))
+    if (!isdigit((unsigned char)*p))
         return 0;
-    while (isdigit(*p))
+    while (isdigit((unsigned char)*p))
         p++;
 
 #ifdef __VMS
@@ -619,7 +619,7 @@ static int file_name_check(struct file_ctx_st *ctx, const char *name)
      */
     if (*p == ';')
         for (p++; *p != '\0'; p++)
-            if (!ossl_isdigit(*p))
+            if (!ossl_isdigit((unsigned char)*p))
                 break;
 #endif
 

diff --git a/test/testutil/provider.c b/test/testutil/provider.c
index 900324d81b08b006b78271e9b58217f3d25d6c73..a40a72c929e12ae11454ed141af64825eab50b42 100644 (file)
--- a/test/testutil/provider.c
+++ b/test/testutil/provider.c
@@ -201,7 +201,7 @@ int fips_provider_version_match(OSSL_LIB_CTX *libctx, const char *versions)
         } else if (*p == '>') {
             mode = MODE_GT;
             p++;
-        } else if (isdigit(*p)) {
+        } else if (isdigit((unsigned char)*p)) {
             mode = MODE_EQ;
         } else {
             TEST_info("Error matching FIPS version: mode %s\n", p);