From 9efe1e0c32ae43d67240d6a97306e3cff61c3c55 Mon Sep 17 00:00:00 2001
From: Daniel-Constantin Mierla <miconda@gmail.com>
Date: Sat, 27 Mar 2021 14:37:03 +0100
Subject: [PATCH] core: use unsigned for safer non-ascii bit shifting for hexa

---
 src/core/basex.c    | 6 +++---
 src/core/strutils.c | 7 ++++---
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/core/basex.c b/src/core/basex.c
index 45abcac0289..38fb08d91e3 100644
--- a/src/core/basex.c
+++ b/src/core/basex.c
@@ -434,7 +434,7 @@ int base64url_enc(char *in, int ilen, char *out, int osize)
 	int  i;
 	int  r;
 	char *p;
-	int  block;
+	unsigned int  block;
 	int  olen;
 
 	olen = (((ilen+2)/3)<<2);
@@ -465,7 +465,7 @@ int base64url_enc(char *in, int ilen, char *out, int osize)
 int base64url_dec(char *in, int ilen, char *out, int osize)
 {
 	int n;
-	int block;
+	unsigned int block;
 	int idx;
 	int i;
 	int j;
@@ -493,7 +493,7 @@ int base64url_dec(char *in, int ilen, char *out, int osize)
 	for(i=0, idx=0; i<end; idx+=3) {
 		block = 0;
 		for(j=0; j<4 && i<end ; j++) {
-			c = _ksr_b64url_decmap[(int)in[i++]];
+			c = _ksr_b64url_decmap[(unsigned char)in[i++]];
 			if(c<0) {
 				LM_ERR("invalid input string\"%.*s\"\n", ilen, in);
 				return -1;
diff --git a/src/core/strutils.c b/src/core/strutils.c
index 75d5b1ec105..ff394e54701 100644
--- a/src/core/strutils.c
+++ b/src/core/strutils.c
@@ -270,7 +270,7 @@ int escape_user(str *sin, str *sout)
 				break;
 				default:
 				    *at++ = '%';
-				    x = (*p) >> 4;
+				    x = (unsigned char)(*p) >> 4;
 				    if (x < 10)
 					{
 						*at++ = x + '0';
@@ -350,7 +350,7 @@ int escape_param(str *sin, str *sout)
                 default:
 
                     *at++ = '%';
-                    x = (*p) >> 4;
+                    x = (unsigned char)(*p) >> 4;
                     if (x < 10)
                     {
                         *at++ = x + '0';
@@ -792,7 +792,8 @@ int urlencode(str *sin, str *sout)
 		if (isalnum(*p) || *p == '-' || *p == '_' || *p == '.' || *p == '~')
 			*at++ = *p;
 		else
-			*at++ = '%', *at++ = char_to_hex(*p >> 4), *at++ = char_to_hex(*p & 15);
+			*at++ = '%', *at++ = char_to_hex((unsigned char)(*p) >> 4),
+				*at++ = char_to_hex(*p & 15);
 		p++;
 	}