Nmap Development mailing list archives

Re: Nmap uses ctype macros improperly


From: Solar Designer <solar () openwall com>
Date: Tue, 28 Jul 2009 20:41:31 +0400

On Tue, Jul 28, 2009 at 09:00:52AM -0600, David Fifield wrote:
> I had just written a program to test it too. However I wasn't sure if it
> worked only because of some behavior of GCC, or because some standard
> requires it. I admit I don't know where to look for normative rules like
> this; can you by chance point me to a standards document that defines
> the arithmetic type promotion rule?

I'm no expert in this, but here are a few references I found quickly:

ftp://ftp.research.att.com/pub/c++std/WP/CD2/
http://www.cs.technion.ac.il/users/yechiel/CS/C++draft/
http://www.cs.technion.ac.il/users/yechiel/CS/C-draft/
http://std.dkuug.dk/JTC1/SC22/WG14/www/docs/n869/

This is "4.5 Integral promotions", page 59 in ISO-CPP-body.pdf from the
.../C++draft/ URL above.

http://www.open-std.org/jtc1/sc22/open/n2356/conv.html
(scroll down or search for "4.5  Integral promotions")

https://www.securecoding.cert.org/confluence/display/cplusplus/INT02-A.+Understand+integer+conversion+rules
http://www.cse.unsw.edu.au/~patrykz/TenDRA/tdfc/tdfc7.html#S33

According to this last reference, there's a difference between ISO C and
traditional C here.  The former will promote "unsigned char" to "int",
whereas the latter will promote it to "unsigned int".  Luckily, for my
specific example it would not matter.

http://www.keil.com/support/docs/1754.htm

The above is a C compiler that lets one turn integer promotions off.
Perhaps this is not a platform Nmap would ever be compiled for. ;-)

> There are other problems with how the ctype functions are used. Well,
> the only one I can think of now is in ncat/http.c, where they are used
> to classify characters in HTTP. They should really be classified based
> on the byte values defined in the HTTP standards, and not on whatever
> the local character set happens to be. (For example, RFC 2616 defines
> CTL, but there is no guarantee that is the same as the set defined by
> iscntrl, even ignoring locale.) Also, that file refers to the CR and LF
> bytes as '\r' and '\n', but it should use the literal values 0x0A and 0x0D.

This makes sense to me.  It is not always right to use the macros.

Alexander

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
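
The byte-value classification discussed in this message, as an added example that is not Ncat's code and not part of the original thread: the RFC 2616 CTL, separator and token classes written as octet values, with every `char` converted to `unsigned char` before it is examined. The function names and the sample header line are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 2616 section 2.2 classes as octet values: no locale, no ctype. */

/* CTL = octets 0-31 and DEL (127). */
int http_is_ctl(unsigned char c)
{
    return c <= 0x1F || c == 0x7F;
}

/* separators: ( ) < > @ , ; : \ " / [ ] ? = { } SP HT */
int http_is_separator(unsigned char c)
{
    static const unsigned char seps[] = {
        0x28, 0x29, 0x3C, 0x3E, 0x40, 0x2C, 0x3B, 0x3A, 0x5C, 0x22,
        0x2F, 0x5B, 0x5D, 0x3F, 0x3D, 0x7B, 0x7D, 0x20, 0x09
    };
    return memchr(seps, c, sizeof seps) != NULL;
}

/* token character = any CHAR (octets 0-127) except CTLs and separators. */
int http_is_token_char(unsigned char c)
{
    return c <= 0x7F && !http_is_ctl(c) && !http_is_separator(c);
}

/* Length of the token at the start of buf. The cast makes a byte such as
   0xE9 arrive as 233, never as a negative int where plain char is signed. */
size_t http_token_len(const char *buf, size_t len)
{
    size_t i = 0;
    while (i < len && http_is_token_char((unsigned char) buf[i]))
        i++;
    return i;
}

/* True if the two bytes at p are CR LF, i.e. 0x0D followed by 0x0A. */
int http_is_crlf(const char *p)
{
    return (unsigned char) p[0] == 0x0D && (unsigned char) p[1] == 0x0A;
}

int main(void)
{
    const char line[] = "Content-Length: 5";   /* constructed sample */
    printf("%zu\n", http_token_len(line, sizeof line - 1));
    return 0;
}
```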

