From: Markus Armbruster <armbru@pond.sub.org>
Date: Sat, 2 Jul 2011 15:17:53 +0000 (+0200)
Subject: Fix client redirection and execute for non-ASCII characters
X-Git-Tag: v4.3.28~25
X-Git-Url: http://git.pond.sub.org/?p=empserver;a=commitdiff_plain;h=36015e8c0e075b698eb69ea07d34bd6fe27da55e

Fix client redirection and execute for non-ASCII characters

The client rejects unauthorized redirection and execute.  Its
authorized check always fails for arguments with non-ASCII characters.
The culprit is ring_search(): It compares plain char to unsigned char,
which breaks when char is signed.  Believed to be broken in commit
8b7d0b91, v4.3.11.

Note that non-ASCII characters only work in UTF-8 sessions.  In ASCII
sessions, the server replaces them, and the authorized check fails.
Works as designed.
---

diff --git a/src/client/ringbuf.c b/src/client/ringbuf.c
index f26e712f5..a27615ac5 100644
--- a/src/client/ringbuf.c
+++ b/src/client/ringbuf.c
@@ -159,7 +159,8 @@ ring_search(struct ring *r, char *s)
     size_t i, j;
 
     for (i = r->cons; i + len <= r->prod; i++) {
-	for (j = 0; j < len && s[j] == r->buf[(i + j) % RING_SIZE]; j++) ;
+	for (j = 0; s[j] && s[j] == (char)r->buf[(i + j) % RING_SIZE]; j++)
+	    ;
 	if (!s[j])
 	    return i - r->cons;
     }