From 4353ed915219f7d8795489d4465786a42653583f Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Fri, 8 Feb 2019 11:07:15 +1000
Subject: [PATCH] udev: restrict the seat ID to 256 characters

Anything longer than that is likely a bug.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
 src/udev-seat.c  | 12 +++++++++---
 test/test-udev.c | 25 +++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/src/udev-seat.c b/src/udev-seat.c
index aeae198..fd50488 100644
--- a/src/udev-seat.c
+++ b/src/udev-seat.c
@@ -382,6 +382,15 @@ libinput_udev_assign_seat(struct libinput *libinput,
 {
 	struct udev_input *input = (struct udev_input*)libinput;
 
+	if (!seat_id)
+		return -1;
+
+	if (strlen(seat_id) > 256) {
+		log_bug_client(libinput,
+			       "Unexpected seat id, limited to 256 characters.\n");
+		return -1;
+	}
+
 	/* We cannot do this during udev_create_context because the log
 	 * handler isn't set up there but we really want to log to the right
 	 * place if the quirks run into parser errors. So we have to do it
@@ -389,9 +398,6 @@ libinput_udev_assign_seat(struct libinput *libinput,
 	 */
 	libinput_init_quirks(libinput);
 
-	if (!seat_id)
-		return -1;
-
 	if (libinput->interface_backend != &interface_backend) {
 		log_bug_client(libinput, "Mismatching backends.\n");
 		return -1;
diff --git a/test/test-udev.c b/test/test-udev.c
index 6a6e676..4f677c1 100644
--- a/test/test-udev.c
+++ b/test/test-udev.c
@@ -130,6 +130,30 @@ START_TEST(udev_create_empty_seat)
 }
 END_TEST
 
+START_TEST(udev_create_seat_too_long)
+{
+	struct libinput *li;
+	struct udev *udev;
+	char seatname[258];
+
+	memset(seatname, 'a', sizeof(seatname) - 1);
+	seatname[sizeof(seatname) - 1] = '\0';
+
+	udev = udev_new();
+	ck_assert(udev != NULL);
+
+	li = libinput_udev_create_context(&simple_interface, NULL, udev);
+	litest_set_log_handler_bug(li);
+
+	ck_assert_int_eq(libinput_udev_assign_seat(li, seatname), -1);
+
+	litest_assert_empty_queue(li);
+
+	libinput_unref(li);
+	udev_unref(udev);
+}
+END_TEST
+
 START_TEST(udev_set_user_data)
 {
 	struct libinput *li;
@@ -651,6 +675,7 @@ TEST_COLLECTION(udev)
 	litest_add_no_device("udev:create", udev_create_NULL);
 	litest_add_no_device("udev:create", udev_create_seat0);
 	litest_add_no_device("udev:create", udev_create_empty_seat);
+	litest_add_no_device("udev:create", udev_create_seat_too_long);
 	litest_add_no_device("udev:create", udev_set_user_data);
 
 	litest_add_no_device("udev:seat", udev_added_seat_default);
-- 
2.7.4