Re: pkg/47168: pkgsrc update for security/pam_ssh_agent_auth

[Alistair Crooks <agc%pkgsrc.org@localhost>]

The following reply was made to PR pkg/47168; it has been noted by GNATS.

From: Alistair Crooks <agc%pkgsrc.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: pkg-manager%NetBSD.org@localhost, gnats-admin%NetBSD.org@localhost, 
pkgsrc-bugs%NetBSD.org@localhost
Subject: Re: pkg/47168: pkgsrc update for security/pam_ssh_agent_auth
Date: Wed, 7 Nov 2012 22:52:17 +0100

 Thanks for the PR!
 
 On Wed, Nov 07, 2012 at 07:25:00PM +0000, jdwhite%iastate.edu@localhost wrote:
 > +--- openbsd-compat/readpassphrase.c 2012-11-07 10:09:52.000000000 -0600
 > ++++ openbsd-compat/readpassphrase.c 2012-11-07 10:18:38.000000000 -0600
 > +@@ -124,11 +124,11 @@
 > +            if (p < end) {
 > +                    if ((flags & RPP_SEVENBIT))
 > +                            ch &= 0x7f;
 > +-                   if (isalpha(ch)) {
 > ++                   if (isalpha((int)ch)) {
 > +                            if ((flags & RPP_FORCELOWER))
 > +-                                   ch = tolower(ch);
 > ++                                   ch = tolower((int)ch);
 > +                            if ((flags & RPP_FORCEUPPER))
 > +-                                   ch = toupper(ch);
 > ++                                   ch = toupper((int)ch);
 > +                    }
 > +                    *p++ = ch;
 > +            }
 
 Slight area of concern about this - the casts to the ctype macros are
 supposed to prevent negative subscript access to the ctypes array, so
 casting them to int isn't really doing any good - most of the examples
 use (unsigned char) or (unsigned) for this.
 
 Definitely needed in something like this module :-)
 
 Best,
 Alistair