proj/cs2cs: validate value of -f parameter to avoid potential crashes (fixes #124)

7 files changed, 108 insertions, 4 deletions

diff --git a/src/Makefile.am b/src/Makefile.am
index 9858d78f..a01ff2e6 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -16,11 +16,11 @@ include_HEADERS = proj.h proj_experimental.h proj_constants.h proj_api.h geodesi
 EXTRA_DIST = bin_cct.cmake bin_gie.cmake bin_cs2cs.cmake \
 	bin_geod.cmake bin_proj.cmake bin_projinfo.cmake \
 	lib_proj.cmake CMakeLists.txt bin_geodtest.cmake tests/geodtest.cpp \
-	wkt1_grammar.y wkt2_grammar.y apps/emess.h
+	wkt1_grammar.y wkt2_grammar.y apps/emess.h apps/utils.h
 
-proj_SOURCES = apps/proj.cpp apps/emess.cpp
+proj_SOURCES = apps/proj.cpp apps/emess.cpp apps/utils.cpp
 projinfo_SOURCES = apps/projinfo.cpp
-cs2cs_SOURCES = apps/cs2cs.cpp apps/emess.cpp
+cs2cs_SOURCES = apps/cs2cs.cpp apps/emess.cpp apps/utils.cpp
 cct_SOURCES = apps/cct.cpp apps/proj_strtod.cpp apps/proj_strtod.h apps/optargpm.h
 geod_SOURCES = apps/geod.cpp apps/geod_set.cpp apps/geod_interface.cpp apps/geod_interface.h apps/emess.cpp
 
diff --git a/src/apps/cs2cs.cpp b/src/apps/cs2cs.cpp
index 877a68ff..40b0d584 100644
--- a/src/apps/cs2cs.cpp
+++ b/src/apps/cs2cs.cpp
@@ -45,6 +45,7 @@
 #include "proj.h"
 #include "proj_internal.h"
 #include "emess.h"
+#include "utils.h"
 // clang-format on
 
 #define MAX_LINE 1000
@@ -522,6 +523,13 @@ int main(int argc, char **argv) {
     if (eargc == 0) /* if no specific files force sysin */
         eargv[eargc++] = const_cast<char *>("-");
 
+    if( oform ) {
+        if( !validate_form_string_for_numbers(oform) ) {
+            emess(3, "invalid format string");
+            exit(0);
+        }
+    }
+
     /*
      * If the user has requested inverse, then just reverse the
      * coordinate systems.
diff --git a/src/apps/proj.cpp b/src/apps/proj.cpp
index 2af49c34..888d723f 100644
--- a/src/apps/proj.cpp
+++ b/src/apps/proj.cpp
@@ -7,6 +7,7 @@
 #include <string.h>
 #include <math.h>
 #include "emess.h"
+#include "utils.h"
 
 #if defined(MSDOS) || defined(OS2) || defined(WIN32) || defined(__WIN32__)
 #  include <fcntl.h>
@@ -461,6 +462,13 @@ int main(int argc, char **argv) {
     if (eargc == 0) /* if no specific files force sysin */
         eargv[eargc++] = const_cast<char*>("-");
 
+    if( oform ) {
+        if( !validate_form_string_for_numbers(oform) ) {
+            emess(3, "invalid format string");
+            exit(0);
+        }
+    }
+
     /* done with parameter and control input */
     if (inverse && postscale) {
         prescale = 1;
@@ -487,7 +495,6 @@ int main(int argc, char **argv) {
         proj.inv = pj_inv;
     } else
         proj.fwd = pj_fwd;
-
     /* set input formatting control */
     if (mon) {
         pj_pr_list(Proj);
diff --git a/src/apps/utils.cpp b/src/apps/utils.cpp
new file mode 100644
index 00000000..7dc809c9
--- /dev/null
+++ b/src/apps/utils.cpp
@@ -0,0 +1,58 @@
+/******************************************************************************
+ *
+ * Project:  PROJ
+ * Purpose:  Utilities for command line arguments
+ * Author:   Even Rouault <even dot rouault at spatialys dot com>
+ *
+ ******************************************************************************
+ * Copyright (c) 2019, Even Rouault <even dot rouault at spatialys dot com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ ****************************************************************************/
+
+#include "utils.h"
+
+#include <string.h>
+
+bool validate_form_string_for_numbers(const char* formatString) {
+    /* Only accepts '%[+]?[number]?[.]?[number]?[e|E|f|F|g|G]' */
+    bool valid = true;
+    if( formatString[0] != '%' )
+        valid = false;
+    else {
+        auto oformLen = strlen(formatString);
+        for( int i = 1; i < static_cast<int>(oformLen) - 1; i++ ) {
+            if( !(formatString[i] == '.' ||
+                    formatString[i] == '+' || 
+                    (formatString[i] >= '0' && formatString[i] <= '9')) ) {
+                valid = false;
+                break;
+            }
+        }
+        if( valid ) {
+            valid = formatString[oformLen-1] == 'e' ||
+                        formatString[oformLen-1] == 'E' ||
+                        formatString[oformLen-1] == 'f' ||
+                        formatString[oformLen-1] == 'F' ||
+                        formatString[oformLen-1] == 'g' ||
+                        formatString[oformLen-1] == 'G';
+        }
+    }
+    return valid;
+}
diff --git a/src/apps/utils.h b/src/apps/utils.h
new file mode 100644
index 00000000..99c14091
--- /dev/null
+++ b/src/apps/utils.h
@@ -0,0 +1,29 @@
+/******************************************************************************
+ *
+ * Project:  PROJ
+ * Purpose:  Utilities for command line arguments
+ * Author:   Even Rouault <even dot rouault at spatialys dot com>
+ *
+ ******************************************************************************
+ * Copyright (c) 2019, Even Rouault <even dot rouault at spatialys dot com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ ****************************************************************************/
+
+bool validate_form_string_for_numbers(const char* formatString);
diff --git a/src/bin_cs2cs.cmake b/src/bin_cs2cs.cmake
index 7ee26673..d2bb3b97 100644
--- a/src/bin_cs2cs.cmake
+++ b/src/bin_cs2cs.cmake
@@ -1,6 +1,7 @@
 set(CS2CS_SRC
   apps/cs2cs.cpp
   apps/emess.cpp
+  apps/utils.cpp
 )
 
 source_group("Source Files\\Bin" FILES ${CS2CS_SRC})
diff --git a/src/bin_proj.cmake b/src/bin_proj.cmake
index b9ae03e5..ce282fc6 100644
--- a/src/bin_proj.cmake
+++ b/src/bin_proj.cmake
@@ -1,6 +1,7 @@
 set(PROJ_SRC
   apps/proj.cpp
   apps/emess.cpp
+  apps/utils.cpp
 )
 
 source_group("Source Files\\Bin" FILES ${PROJ_SRC})