[gpsd-dev] Fw: Mishandle of input arguments in gpsmon could lead to Null Pointer Dereference

[address@hidden]

Hi Eric,

Our code scanner has reported a potential null pointer dereference in Open Source project gpsd，

Might you / gpsd-dev team would have a look on the issue? thank you for your concern.

Regards,

Alex

---

address@hidden

 

发件人： address@hidden

发送时间： 2017-09-27 13:28

收件人： gpsd-dev

抄送： 肖枭; 时清凯

主题： Mishandle of input arguments in gpsmon could lead to Null Pointer Dereference

Hi all,

Our code scanner has reported a potential null pointer dereference issue at the main function of gpsmon.c,

trigger input (starts with "/dev" and follow with only one colon character ':'), for example:

./gpsmon /dev:dd

first "/dev" make variable serial be true, then the value of source->device will be read:

1.     /* Grok the server, port, and device. */
2.     if (optind < argc) {
3. serial = str_starts_with(argv[optind], "/dev");    // <=======
4. gpsd_source_spec(argv[optind], &source);
5.     } else {

and inside function gpsd_source_spec:

1. colon1 = strchr(skipto, ':');
2. 
   
3. if (colon1 != NULL) {            // <== check if there is a colon first, and it is expecting the second colon character, if we haven't provide the second colon, variable source->device will remains NULL, and it will be dereferenced in the following
4.     char *colon2;
5.     *colon1 = '\0';
6.     if (colon1 != source->spec) {
7. source->server = source->spec;
8.     }
9.     source->port = colon1 + 1;
10.     colon2 = strchr(source->port, ':');
11.     if (colon2 != NULL) {
12. *colon2 = '\0';
13. source->device = colon2 + 1;
14.     }
15. } else if (strchr(source->spec, '/') != NULL) {
16.     source->device = source->spec;

Regards,

Alex, SourceBrella Inc.

---

address@hidden