From 19ea63bf23fbf60c4f86ad0c9202e3781d041aaf Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Fri, 10 Aug 2018 10:44:30 +1000 Subject: [PATCH] util: tighten safe_atod parsing to only parse 'normal' numbers We don't have a sensible use case where we want hex to double, or INF to double, or any of that. So check the strings for invalid characters and bail out early. Invalid characters include 'e' and whitespaces too, we don't need those. Small chance of things breaking: if the user-exposed calibration matrix property was specified using hex numbers this will stop working now. I'll take that risk. Signed-off-by: Peter Hutterer
---
 src/libinput-util.h | 19 +++++++++++++++++++ test/test-misc.c | 9 ++++----- 2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/src/libinput-util.h b/src/libinput-util.h
index 46421cbf..ff8d56fb 100644
--- a/src/libinput-util.h
+++ b/src/libinput-util.h
@@ -28,6 +28,7 @@
 #include "config.h"
 #include
+#include
 #include
 #include
 #include
@@ -556,6 +557,24 @@ safe_atod(const char *str, double *val)
 char *endptr;
 double v;
 locale_t c_locale;
+ size_t slen = strlen(str);
+
+ /* We don't have a use-case where we want to accept hex for a double
+ * or any of the other values strtod can parse */
+ for (size_t i = 0; i < slen; i++) {
+ char c = str[i];
+
+ if (isdigit(c))
+ continue;
+ switch(c) {
+ case '+':
+ case '-':
+ case '.':
+ break;
+ default:
+ return false;
+ }
+ }
 /* Create a "C" locale to force strtod to use '.' as separator */
 c_locale = newlocale(LC_NUMERIC_MASK, "C", (locale_t)0);
diff --git a/test/test-misc.c b/test/test-misc.c
index 8176a3e9..a7f97acd 100644
--- a/test/test-misc.c
+++ b/test/test-misc.c
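Review bot: In the safe_atod hunk of src/libinput-util.h, `isdigit(c)` is called with a plain `char`, which is undefined behaviour when the byte is negative on signed-char platforms (any non-ASCII byte in the string); since the commit message says this path parses a user-exposed property, use `if (isdigit((unsigned char)c))` or compare against `'0'` and `'9'` directly. `strlen(str)` also dereferences `str` before any check visible here, so a NULL argument would crash unless callers guarantee non-NULL. The filter is per character only, so inputs such as `1-2`, `..` or an empty string pass it and are presumably left to the strtod/endptr check; that check and the rest of the function body lie outside the hunk, so this could not be confirmed.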
@@ -945,8 +945,7 @@ START_TEST(calibration_prop_parser)
 { "1 2 3 4 5 6", true, DEFAULT_VALUES },
 { "6.00012 3.244 4.238 5.2421 6.0134 8.860", true,
 { 6.00012, 3.244, 4.238, 5.2421, 6.0134, 8.860 }},
- { "0xff 2 3 4 5 6", true,
- { 255, 2, 3, 4, 5, 6 }},
+ { "0xff 2 3 4 5 6", false, DEFAULT_VALUES },
 { NULL, false, DEFAULT_VALUES }
 };
 bool success;
@@ -1271,9 +1270,9 @@ START_TEST(safe_atod_test)
 { "2147483647", true, 2147483647 },
 { "-2147483648", true, -2147483648 },
 { "4294967295", true, 4294967295 },
- { "0x0", true, 0 },
- { "0x10", true, 0x10 },
- { "0xaf", true, 0xaf },
+ { "0x0", false, 0 },
+ { "0x10", false, 0 },
+ { "0xaf", false, 0 },
 { "x80", false, 0 },
 { "0.0", true, 0.0 },
 { "0.1", true, 0.1 },
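Review bot: The safe_atod_test hunk has no cases for the other inputs the commit message says are now rejected (exponent notation, INF, whitespace); it only flips the three hex entries to `false`. Adding entries such as `{ "1e5", false, 0 },`, `{ "inf", false, 0 },` and `{ " 1", false, 0 },` would pin the new allow-list, so a later relaxation of the character filter is caught by the test suite. The table continues outside the hunk, so some of these cases may already exist there.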