udev: restrict the seat ID to 256 characters

Anything longer than that is likely a bug.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

diff --git a/src/udev-seat.c b/src/udev-seat.c
index aeae198cb8fbc20b92b77a388d928d4b6780c048..fd50488a61830571ebdeb4111ed1c27468918e4d 100644 (file)
--- a/src/udev-seat.c
+++ b/src/udev-seat.c
@@ -382,6 +382,15 @@ libinput_udev_assign_seat(struct libinput *libinput,
 {
        struct udev_input *input = (struct udev_input*)libinput;
 
+       if (!seat_id)
+               return -1;
+
+       if (strlen(seat_id) > 256) {
+               log_bug_client(libinput,
+                              "Unexpected seat id, limited to 256 characters.\n");
+               return -1;
+       }
+
        /* We cannot do this during udev_create_context because the log
         * handler isn't set up there but we really want to log to the right
         * place if the quirks run into parser errors. So we have to do it
@@ -389,9 +398,6 @@ libinput_udev_assign_seat(struct libinput *libinput,
         */
        libinput_init_quirks(libinput);
 
-       if (!seat_id)
-               return -1;
-
        if (libinput->interface_backend != &interface_backend) {
                log_bug_client(libinput, "Mismatching backends.\n");
                return -1;

diff --git a/test/test-udev.c b/test/test-udev.c
index 6a6e6763b6195aaf7ec0523951f9fe457bf9bafa..4f677c118072fa22fdabf4ea473655a77a33dbe6 100644 (file)
--- a/test/test-udev.c
+++ b/test/test-udev.c
@@ -130,6 +130,30 @@ START_TEST(udev_create_empty_seat)
 }
 END_TEST
 
+START_TEST(udev_create_seat_too_long)
+{
+       struct libinput *li;
+       struct udev *udev;
+       char seatname[258];
+
+       memset(seatname, 'a', sizeof(seatname) - 1);
+       seatname[sizeof(seatname) - 1] = '\0';
+
+       udev = udev_new();
+       ck_assert(udev != NULL);
+
+       li = libinput_udev_create_context(&simple_interface, NULL, udev);
+       litest_set_log_handler_bug(li);
+
+       ck_assert_int_eq(libinput_udev_assign_seat(li, seatname), -1);
+
+       litest_assert_empty_queue(li);
+
+       libinput_unref(li);
+       udev_unref(udev);
+}
+END_TEST
+
 START_TEST(udev_set_user_data)
 {
        struct libinput *li;
@@ -651,6 +675,7 @@ TEST_COLLECTION(udev)
        litest_add_no_device("udev:create", udev_create_NULL);
        litest_add_no_device("udev:create", udev_create_seat0);
        litest_add_no_device("udev:create", udev_create_empty_seat);
+       litest_add_no_device("udev:create", udev_create_seat_too_long);
        litest_add_no_device("udev:create", udev_set_user_data);
 
        litest_add_no_device("udev:seat", udev_added_seat_default);