mirror of
https://gitlab.freedesktop.org/libinput/libei.git
synced 2026-05-14 09:58:07 +02:00
bca07c3dc0
The brei_demarshal() function parses incoming protocol messages based on a type signature. While the 's' (string) type had proper bounds checking against the remaining buffer, the other types didn't. A malicious client could send a message with a truncated payload (small msglen in the header) but targeting an opcode whose signature expects more data than provided. This would cause buffer over-reads past the allocated buffer, potentially leaking sensitive memory contents or causing a crash. Assisted-by: Claude:claude-opus-4-6 Part-of: <https://gitlab.freedesktop.org/libinput/libei/-/merge_requests/389> |
||
|---|---|---|
| .. | ||
| templates | ||
| buildtest.c | ||
| buildtest.cc | ||
| conftest.py | ||
| eierpecken.c | ||
| eierpecken.h | ||
| eiproto.py.tmpl | ||
| meson.build | ||
| test-ei-device.c | ||
| test-ei-seat.c | ||
| test-ei.c | ||
| test-eis.c | ||
| test-main.c | ||
| test_oeffis.py | ||
| test_protocol.py | ||
| test_scanner.py | ||
| unit-tests.c | ||