From: address@hidden
Subject: [gpsd-dev] Mishandle of input arguments in gpsmon could lead to Null Pointer Dereference
Date: Wed, 27 Sep 2017 13:28:08 +0800

Hi all,
Our code scanner has reported a potential null pointer dereference issue in the main function of gpsmon.c.
The trigger input starts with "/dev" and is followed by only one colon character ':', for example:
./gpsmon /dev:dd
First, "/dev" makes the variable serial true; then the value of source->device will be read:
- /* Grok the server, port, and device. */
- if (optind < argc) {
- serial = str_starts_with(argv[optind], "/dev"); // <=======
- gpsd_source_spec(argv[optind], &source);
- } else {
and inside function gpsd_source_spec:
- colon1 = strchr(skipto, ':');
- if (colon1 != NULL) { // <== checks whether there is a colon first, and then expects a second colon character; if we haven't provided the second colon, the variable source->device will remain NULL, and it will be dereferenced in the following code
- char *colon2;
- *colon1 = '\0';
- if (colon1 != source->spec) {
- source->server = source->spec;
- }
- source->port = colon1 + 1;
- colon2 = strchr(source->port, ':');
- if (colon2 != NULL) {
- *colon2 = '\0';
- source->device = colon2 + 1;
- }
- } else if (strchr(source->spec, '/') != NULL) {
- source->device = source->spec;
Regards,
Alex, SourceBrella Inc.
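
Added example, not part of the original post and not gpsd's own code: a simplified C model of the colon handling quoted in the report, with a caller-side guard that declines to treat the argument as a serial device when parsing left device NULL. The names struct src_spec, parse_spec and serial_device_usable are hypothetical, and the model assumes parsing starts at the beginning of the spec string.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the structure filled by gpsd_source_spec(). */
struct src_spec {
    char spec[128];
    char *server, *port, *device;
};

/* Simplified model of the colon handling quoted in the report; assumes
 * parsing starts at the beginning of spec (not gpsd's real function). */
static void parse_spec(const char *arg, struct src_spec *s)
{
    char *colon1;
    s->server = s->port = s->device = NULL;
    snprintf(s->spec, sizeof(s->spec), "%s", arg);
    colon1 = strchr(s->spec, ':');
    if (colon1 != NULL) {
        char *colon2;
        *colon1 = '\0';
        if (colon1 != s->spec)
            s->server = s->spec;
        s->port = colon1 + 1;
        colon2 = strchr(s->port, ':');
        if (colon2 != NULL) {       /* device is set only with a 2nd colon */
            *colon2 = '\0';
            s->device = colon2 + 1;
        }
    } else if (strchr(s->spec, '/') != NULL) {
        s->device = s->spec;
    }
}

/* Caller-side guard: 1 only when the argument starts with "/dev" AND the
 * parser actually produced a device string that is safe to dereference. */
static int serial_device_usable(const char *arg, const struct src_spec *s)
{
    int serial = (strncmp(arg, "/dev", 4) == 0);
    return serial && s->device != NULL;
}

int main(void)
{
    struct src_spec s;
    parse_spec("/dev:dd", &s);      /* constructed input from the report */
    printf("device=%s usable=%d\n", s.device ? s.device : "(null)",
           serial_device_usable("/dev:dd", &s));
    return 0;
}
```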