From 71bcd15d2eea0345667d7f3793ba9b3de278f527 Mon Sep 17 00:00:00 2001 From: Arne Welzel Date: Wed, 1 Feb 2023 18:22:13 +0100 Subject: [PATCH] analyzer/http: Do not assume char is signed On aarch64, char is unsigned, so is_HTTP_token_char() allowed non-ASCII stuff with the high-bit set. Fixes part of #2742 --- src/analyzer/protocol/http/HTTP.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index 09bff23847..caaa6fca1c 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -1186,9 +1186,9 @@ const char* HTTP_Analyzer::PrefixWordMatch(const char* line, const char* end_of_ return line; } -static bool is_HTTP_token_char(char c) +static bool is_HTTP_token_char(unsigned char c) { - return c > 31 && c != 127 && // CTL per RFC 2616. + return c > 31 && c < 127 && // Exclude non-ascii and DEL/CTL per RFC 2616 c != ' ' && c != '\t' && // Separators. c != '(' && c != ')' && c != '<' && c != '>' && c != '@' && c != ',' && c != ';' && c != ':' && c != '\\' && c != '"' && c != '/' && c != '[' && c != ']' && c != '?' &&
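Review bot: Nothing in this patch pins the corrected behaviour of `is_HTTP_token_char()`: the diffstat lists only `src/analyzer/protocol/http/HTTP.cc`, and the old code misbehaved only where plain `char` is unsigned, so a regression would again go unnoticed on other builds. A test that feeds a byte >= 0x80 in a position parsed as an HTTP token would keep analyzer output identical across architectures, unless one is already added elsewhere for #2742. The new bound `c > 31 && c < 127` rejects high-bit bytes under either signedness, so the `unsigned char` parameter is there to make the intent explicit. I would say so above the function, for example `// unsigned char on purpose: bytes >= 0x80 compare as 128..255 regardless of the platform's char signedness.` The function body continues past the end of the hunk, so the remaining separator checks were not reviewed.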