[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gpsd-dev] Fw: Mishandle of input arguments in gpsmon could lead to
|
From: |
Gary E. Miller |
|
Subject: |
Re: [gpsd-dev] Fw: Mishandle of input arguments in gpsmon could lead to Null Pointer Dereference |
|
Date: |
Sun, 17 Jun 2018 19:08:50 -0700 |
Yo address@hidden
We confirmed your report. A fix is now in git head, and will be in
the next gpsd release.
Thanks!
On Sat, 30 Sep 2017 16:00:56 +0800
"address@hidden" <address@hidden> wrote:
> Hi Eric,
>
> Our code scanner has reported a potential null pointer dereference in
> Open Source project gpsd, Might you / gpsd-dev team would have a
> look on the issue? thank you for your concern.
>
> Regards,
> Alex
>
>
>
> address@hidden
>
> 发件人: address@hidden
> 发送时间: 2017-09-27 13:28
> 收件人: gpsd-dev
> 抄送: 肖枭; 时清凯
> 主题: Mishandle of input arguments in gpsmon could lead to Null
> Pointer Dereference Hi all,
>
> Our code scanner has reported a potential null pointer dereference
> issue at the main function of gpsmon.c,
>
> trigger input (starts with "/dev" and follow with only one colon
> character ':'), for example: ./gpsmon /dev:dd
>
> first "/dev" make variable serial be true, then the value of
> source->device will be read: /* Grok the server, port, and device. */
> if (optind < argc) {
> serial = str_starts_with(argv[optind], "/dev"); // <=======
> gpsd_source_spec(argv[optind], &source);
> } else {
> and inside function gpsd_source_spec:
> colon1 = strchr(skipto, ':');
>
> if (colon1 != NULL) { // <== check if there is a colon
> first, and it is expecting the second colon character, if we haven't
> provide the second colon, variable source->device will remains NULL,
> and it will be dereferenced in the following char *colon2; *colon1 =
> '\0'; if (colon1 != source->spec) { source->server = source->spec;
> }
> source->port = colon1 + 1;
> colon2 = strchr(source->port, ':');
> if (colon2 != NULL) {
> *colon2 = '\0';
> source->device = colon2 + 1;
> }
> } else if (strchr(source->spec, '/') != NULL) {
> source->device = source->spec;
>
> Regards,
> Alex, SourceBrella Inc.
>
>
>
> address@hidden
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
address@hidden Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgp6eR90Y8kxo.pgp
Description: OpenPGP digital signature
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [gpsd-dev] Fw: Mishandle of input arguments in gpsmon could lead to Null Pointer Dereference,
Gary E. Miller <=