From 350f0402a25d98a8c2112244180b23147a9365fe Mon Sep 17 00:00:00 2001
From: Guillermo Rodriguez
Date: Tue, 21 Feb 2017 12:20:40 +0100
Subject: [PATCH] Fix buffer overrun in printable_binary.

"Negative" values were being sign-extended to int, and would take more than 4 bytes when printed (e.g. 255 was printed as \xffffffff instead of \xff). This was causing a buffer overrun. Fixed by casting to unsigned char.
---
 libpagekite/pkutils.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libpagekite/pkutils.c b/libpagekite/pkutils.c
index 662256e..8d79395 100644
--- a/libpagekite/pkutils.c
+++ b/libpagekite/pkutils.c
@@ -458,7 +458,10 @@ int printable_binary(char* dest, size_t dlen, const char* src, size_t slen)
 *dest++ = '\0';
 return copied;
 }
- int wrote = sprintf(dest, "\\x%2.2x", *p);
+ /* The cast to unsigned char is required, otherwise 'negative' byte
+ * values will be sign-extended to int and will take more than four
+ * bytes; e.g. 255 is printed as \xffffffff */
+ int wrote = sprintf(dest, "\\x%2.2x", (unsigned char) *p);
 dest += wrote;
 dlen -= wrote;
 }
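Review bot: The added `sprintf` line still writes into `dest` without being told how much space remains, so staying in bounds depends on a length check outside this hunk leaving room for all four characters plus the terminating NUL. Because `dlen` is a `size_t`, any `wrote` larger than the space left would make `dlen -= wrote` wrap to a very large value, which would presumably defeat that check on later iterations as well. Consider bounding the write itself with `int wrote = snprintf(dest, dlen, "\\x%2.2x", (unsigned char) *p);` followed by `if (wrote < 0 || (size_t) wrote >= dlen) break;`, or a jump to the function's existing out-of-space path instead of `break`. The body of printable_binary starts and ends outside the hunk, so the loop condition and that path are not visible here.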