From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Thu, 19 Jun 2014 04:20:58 +0000 (+1000)
Subject: uinput: change strcpy/strcat usage for snprintf
X-Git-Tag: submit/tizen/20170407.054145^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Ftizen_3.0;p=platform%2Fupstream%2Flibevdev.git

uinput: change strcpy/strcat usage for snprintf

Better protection against buffer overflow, though by the time someone
is manipulating your sysfs, libevdev is unlikely to be the biggest worry.

Slight change in functionality: before we checked the timestamp of
/sys/devices/virtual/input/inputXYZ before looking at /inputXYZ/name, now we
just check the name file for the timestamp.

Change-Id: I71c9240e254b534ac0aed62bc51871a18c3a0666
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
---

diff --git a/libevdev/libevdev-uinput.c b/libevdev/libevdev-uinput.c
index f176a00..eb04073 100644
--- a/libevdev/libevdev-uinput.c
+++ b/libevdev/libevdev-uinput.c
@@ -198,6 +198,8 @@ fetch_syspath_and_devnode(struct libevdev_uinput *uinput_dev)
 {
 	struct dirent **namelist;
 	int ndev, i;
+	int rc;
+	char buf[sizeof(SYS_INPUT_DIR) + 64];
 
 	/* FIXME: use new ioctl() here once kernel supports it */
 
@@ -207,11 +209,14 @@ fetch_syspath_and_devnode(struct libevdev_uinput *uinput_dev)
 
 	for (i = 0; i < ndev; i++) {
 		int fd, len;
-		char buf[sizeof(SYS_INPUT_DIR) + 64];
 		struct stat st;
 
-		strcpy(buf, SYS_INPUT_DIR);
-		strcat(buf, namelist[i]->d_name);
+		rc = snprintf(buf, sizeof(buf), "%s%s/name",
+			      SYS_INPUT_DIR,
+			      namelist[i]->d_name);
+		if (rc < 0 || (size_t)rc >= sizeof(buf)) {
+			continue;
+		}
 
 		if (stat(buf, &st) == -1)
 			continue;
@@ -222,7 +227,6 @@ fetch_syspath_and_devnode(struct libevdev_uinput *uinput_dev)
 			continue;
 
 		/* created within time frame */
-		strcat(buf, "/name");
 		fd = open(buf, O_RDONLY);
 		if (fd < 0)
 			continue;
@@ -239,8 +243,14 @@ fetch_syspath_and_devnode(struct libevdev_uinput *uinput_dev)
 				log_info("multiple identical devices found. syspath is unreliable\n");
 				break;
 			} else {
-				strcpy(buf, SYS_INPUT_DIR);
-				strcat(buf, namelist[i]->d_name);
+				rc = snprintf(buf, sizeof(buf), "%s%s",
+					      SYS_INPUT_DIR,
+					      namelist[i]->d_name);
+				if (rc < 0 || (size_t)rc >= sizeof(buf)) {
+					log_error("Invalid syspath, syspath is unreliable\n");
+					break;
+				}
+
 				uinput_dev->syspath = strdup(buf);
 				uinput_dev->devnode = fetch_device_node(buf);
 			}