CVE-2026-4480/CVE-2026-4408: lib/util: let log_escape() make use of iscntrl()

using iscntrl() also handles 0x7F (DEL).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=16033
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

diff --git a/lib/util/util_str_escape.c b/lib/util/util_str_escape.c
index 8f1f34912ee6929011e468713f8043235da7ea5f..c6d7a0c9e77ad346184ec5c643da27f388739e7b 100644 (file)
--- a/lib/util/util_str_escape.c
+++ b/lib/util/util_str_escape.c
@@ -18,6 +18,7 @@
 */
 
 #include "replace.h"
+#include "system/locale.h"
 #include "lib/util/debug.h"
 #include "lib/util/util_str_escape.h"
 
@@ -28,7 +29,7 @@
  */
 static size_t encoded_length(unsigned char c)
 {
-       if (c != '\\' &&  c > 0x1F) {
+       if (c != '\\' && !iscntrl(c)) {
                return 1;
        } else {
                switch (c) {
@@ -79,7 +80,7 @@ char *log_escape(TALLOC_CTX *frame, const char *in)
        c = in;
        e = encoded;
        while (*c) {
-               if (*c != '\\' && (unsigned char)(*c) > 0x1F) {
+               if (*c != '\\' && !iscntrl((unsigned char)(*c))) {
                        *e++ = *c++;
                } else {
                        switch (*c) {