uinput: change strcpy/strcat usage for snprintf 36/123736/1 accepted/tizen_3.0_common accepted/tizen_3.0_ivi accepted/tizen_3.0_mobile accepted/tizen_3.0_tv accepted/tizen_3.0_wearable tizen_3.0 tizen_3.0_tv accepted/tizen/3.0/common/20170411.083959 accepted/tizen/3.0/ivi/20170411.080302 accepted/tizen/3.0/mobile/20170411.080145 accepted/tizen/3.0/tv/20170411.080210 accepted/tizen/3.0/wearable/20170411.080232 accepted/tizen/unified/20170407.190731 submit/tizen/20170407.054145 submit/tizen_3.0/20170407.054203 submit/tizen_3.0/20170411.035812
authorPeter Hutterer <peter.hutterer@who-t.net>
Thu, 19 Jun 2014 04:20:58 +0000 (14:20 +1000)
committerSung-Jin Park <sj76.park@samsung.com>
Fri, 7 Apr 2017 00:18:01 +0000 (09:18 +0900)
Better protection against buffer overflow, though by the time someone
is manipulating your sysfs, libevdev is unlikely to be the biggest worry.

Slight change in functionality: before we checked the timestamp of
/sys/devices/virtual/input/inputXYZ before looking at /inputXYZ/name, now we
just check the name file for the timestamp.

Change-Id: I71c9240e254b534ac0aed62bc51871a18c3a0666
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
libevdev/libevdev-uinput.c

index f176a004d6771a7b7c7a944f204e70cf242dc35e..eb0407376e8761b86525bcab466ece72c75dcf9a 100644 (file)
@@ -198,6 +198,8 @@ fetch_syspath_and_devnode(struct libevdev_uinput *uinput_dev)
 {
        struct dirent **namelist;
        int ndev, i;
+       int rc;
+       char buf[sizeof(SYS_INPUT_DIR) + 64];
 
        /* FIXME: use new ioctl() here once kernel supports it */
 
@@ -207,11 +209,14 @@ fetch_syspath_and_devnode(struct libevdev_uinput *uinput_dev)
 
        for (i = 0; i < ndev; i++) {
                int fd, len;
-               char buf[sizeof(SYS_INPUT_DIR) + 64];
                struct stat st;
 
-               strcpy(buf, SYS_INPUT_DIR);
-               strcat(buf, namelist[i]->d_name);
+               rc = snprintf(buf, sizeof(buf), "%s%s/name",
+                             SYS_INPUT_DIR,
+                             namelist[i]->d_name);
+               if (rc < 0 || (size_t)rc >= sizeof(buf)) {
+                       continue;
+               }
 
                if (stat(buf, &st) == -1)
                        continue;
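Review bot: The `stat(buf, &st)` here and the `open(buf, O_RDONLY)` in the next hunk resolve the same path twice, so the file whose timestamp was checked is not guaranteed to be the file that is later read. Now that both calls target the `name` file, the gap can be closed by opening first and checking the descriptor: `fd = open(buf, O_RDONLY);` followed by `if (fstat(fd, &st) == -1) { close(fd); continue; }`. The time-window comparison sits between the two hunks and is not visible here; it would need to close `fd` before its own `continue`. The new truncation branch also skips an over-long entry silently, so a one-line comment such as `/* entry name too long for buf, cannot be ours */` would make that intent explicit.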
@@ -222,7 +227,6 @@ fetch_syspath_and_devnode(struct libevdev_uinput *uinput_dev)
                        continue;
 
                /* created within time frame */
-               strcat(buf, "/name");
                fd = open(buf, O_RDONLY);
                if (fd < 0)
                        continue;
@@ -239,8 +243,14 @@ fetch_syspath_and_devnode(struct libevdev_uinput *uinput_dev)
                                log_info("multiple identical devices found. syspath is unreliable\n");
                                break;
                        } else {
-                               strcpy(buf, SYS_INPUT_DIR);
-                               strcat(buf, namelist[i]->d_name);
+                               rc = snprintf(buf, sizeof(buf), "%s%s",
+                                             SYS_INPUT_DIR,
+                                             namelist[i]->d_name);
+                               if (rc < 0 || (size_t)rc >= sizeof(buf)) {
+                                       log_error("Invalid syspath, syspath is unreliable\n");
+                                       break;
+                               }
+
                                uinput_dev->syspath = strdup(buf);
                                uinput_dev->devnode = fetch_device_node(buf);
                        }
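Review bot: The result of `strdup(buf)` is still stored unchecked right after the new truncation guard, so an allocation failure leaves `uinput_dev->syspath` NULL while `devnode` may still be set. A check such as `if (!uinput_dev->syspath) break;` before `fetch_device_node(buf)` would keep the two fields consistent; how callers treat a NULL syspath is outside this hunk. The guarded string is also a strict prefix of the `"%s%s/name"` path that already fit in the same buffer earlier in the iteration. That means the `(size_t)rc >= sizeof(buf)` half of the condition looks unreachable here and only `rc < 0` can fire, which deserves a short comment.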