| author | Even Rouault <even.rouault@spatialys.com> | 2022-02-19 12:34:25 +0100 |
|---|---|---|
| committer | Even Rouault <even.rouault@spatialys.com> | 2022-02-19 12:38:28 +0100 |
| commit | 61249e6606513295b9ba5ad9a42cbb3601694d13 (patch) | |
| tree | ec59d181e9b98c34c745bbe15c6073515d9f8fea | |
| parent | 524b76f2e9f4bb8e4a8d2a4287c23e67c67fce07 (diff) | |
Fix nullptr dereference in utilities when argv[0] == NULL
https://lwn.net/Articles/?offset=50 was an entertaining read where we
learn that the fact that argv[0] contains the name of the binary is
purely a convention, normally followed by the shell that launches the
process, but not guaranteed by the execve() system call that does the
job.
The following test program, tested against cct, cs2cs, geod, gie and proj,
makes each of them dereference a null pointer:
```
#include <unistd.h>
#include <stdio.h>
extern char **environ;
int main()
{
char* argv[] = { NULL };
printf("%d\n", execve("/path/to/some/proj/binary", argv, environ));
return 0;
}
```
| -rw-r--r-- | src/apps/cs2cs.cpp | 4 | ||||
| -rw-r--r-- | src/apps/geod.cpp | 4 | ||||
| -rw-r--r-- | src/apps/optargpm.h | 3 | ||||
| -rw-r--r-- | src/apps/proj.cpp | 4 |
4 files changed, 15 insertions, 0 deletions
diff --git a/src/apps/cs2cs.cpp b/src/apps/cs2cs.cpp
index 03fd4dba..a8e152a7 100644
--- a/src/apps/cs2cs.cpp
+++ b/src/apps/cs2cs.cpp
@@ -346,6 +346,10 @@ int main(int argc, char **argv) {
 int have_to_flag = 0, inverse = 0;
 int use_env_locale = 0;
+ if( argc == 0 ) {
+ exit(1);
+ }
+
 /* This is just to check that pj_init() is locale-safe */
 /* Used by nad/testvarious */
 if (getenv("PROJ_USE_ENV_LOCALE") != nullptr)
diff --git a/src/apps/geod.cpp b/src/apps/geod.cpp
index 6e3f059e..4f48a57a 100644
--- a/src/apps/geod.cpp
+++ b/src/apps/geod.cpp
@@ -136,6 +136,10 @@ int main(int argc, char **argv) {
 FILE *fid;
 static int eargc = 0, c;
+ if( argc == 0 ) {
+ exit(1);
+ }
+
 if ((emess_dat.Prog_name = strrchr(*argv,'/')) != nullptr) ++emess_dat.Prog_name;
 else emess_dat.Prog_name = *argv;
 inverse = strncmp(emess_dat.Prog_name, "inv", 3) == 0 ||
diff --git a/src/apps/optargpm.h b/src/apps/optargpm.h
index 9a66b9a0..921b8c0b 100644
--- a/src/apps/optargpm.h
+++ b/src/apps/optargpm.h
@@ -415,6 +415,9 @@ OPTARGS *opt_parse (int argc, char **argv, const char *flags, const char *keys,
 int free_format;
 OPTARGS *o;
+ if( argc == 0 )
+ return nullptr;
+
 o = (OPTARGS *) calloc (1, sizeof(OPTARGS));
 if (nullptr==o)
 return nullptr;
diff --git a/src/apps/proj.cpp b/src/apps/proj.cpp
index f93164e0..629501e3 100644
--- a/src/apps/proj.cpp
+++ b/src/apps/proj.cpp
@@ -300,6 +300,10 @@ int main(int argc, char **argv) {
 FILE *fid;
 int eargc = 0, mon = 0;
+ if( argc == 0 ) {
+ exit(1);
+ }
+
 if ( (emess_dat.Prog_name = strrchr(*argv,DIR_CHAR)) != nullptr)
 ++emess_dat.Prog_name;
 else emess_dat.Prog_name = *argv;
|
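Review bot: The new `argc == 0` guard in cs2cs's `main()` exits with status 1 without writing anything to stderr, so whoever launched the binary with an empty argv sees a bare failure and no cause; the geod.cpp and proj.cpp hunks add the same silent `exit(1)`. A short diagnostic before the exit would make the rejection visible in logs, for example `fprintf(stderr, "cs2cs: empty argv, argv[0] is required\n");` (this assumes <cstdio> is already included, which the hunks do not show). A comment such as `/* execve() may pass an empty argv, so argv[0] cannot be assumed non-null */` would also keep the guard from later being removed as dead code. The visible diff adds no regression test for the empty-argv case, and the body of `main()` continues outside each hunk.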
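Review bot: Returning `nullptr` from `opt_parse` when `argc == 0` only prevents the crash if every caller checks the result. The call sites are outside this diff (presumably in cct and gie, which the commit message lists but the diff does not touch), so that should be confirmed. The new return is also indistinguishable from the allocation failure a few lines below (`if (nullptr==o) return nullptr;`), so a caller cannot report which of the two happened. I would document the new case on the function, e.g. `/* Returns nullptr if argc == 0 (no argv[0]) or on allocation failure. */`. `opt_parse` starts and ends outside the hunk.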
