From 6cedfa64722afc133f6851acc4c919108d14de41 Mon Sep 17 00:00:00 2001
From: Peter Hutterer
Date: Mon, 1 Jun 2026 21:25:59 +1000
Subject: [PATCH] tools: sanitize device names in libinput-record YAML output

The device name was written directly into a YAML double-quoted string without sanitization. A malicious device name containing control characters or newlines can break the YAML structure, potentially causing parsers (libinput-replay, libinput-analyze-recording) to interpret injected YAML keys.

Use str_sanitize() to replace control characters before writing the name into the YAML output. This will also replace any % in the device name with % but... meh.

Assisted-by: Claude:claude-opus-4-6
(cherry picked from commit 7c49e6112d5b109755e6b2685f1fbfbaa29ec9e6)
Part-of:
---
 tools/libinput-record.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/tools/libinput-record.c b/tools/libinput-record.c
index c6c84913..f898e959 100644
--- a/tools/libinput-record.c
+++ b/tools/libinput-record.c
@@ -1517,7 +1517,8 @@ print_description(FILE *fp, struct libevdev *dev)
 		break;
 	}
 
-	iprintf(fp, I_EVDEV, "# Name: %s\n", libevdev_get_name(dev));
+	_autofree_ char *name = str_sanitize(libevdev_get_name(dev));
+	iprintf(fp, I_EVDEV, "# Name: %s\n", name ? name : "");
 	iprintf(fp,
 		I_EVDEV,
 		"# ID: bus 0x%04x%svendor 0x%04x product 0x%04x version 0x%04x\n",
@@ -1568,7 +1569,8 @@ print_description(FILE *fp, struct libevdev *dev)
 static void
 print_bits_info(FILE *fp, struct libevdev *dev)
 {
-	iprintf(fp, I_EVDEV, "name: \"%s\"\n", libevdev_get_name(dev));
+	_autofree_ char *name = str_sanitize(libevdev_get_name(dev));
+	iprintf(fp, I_EVDEV, "name: \"%s\"\n", name ? name : "");
 	iprintf(fp,
 		I_EVDEV,
 		"id: [%d, %d, %d, %d]\n",
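Review bot: In print_bits_info the sanitized name is still printed into a YAML double-quoted scalar without escaping, so if str_sanitize() only replaces control characters, as the commit message says, a `"` or `\` in the device name can still close the scalar early or start a YAML escape sequence and leave a recording that libinput-replay cannot parse. Escaping those two characters before the iprintf closes that gap; the `# Name:` line in the first hunk is a YAML comment and the stderr line in select_device is not YAML, so only this hunk needs it. I cannot see str_sanitize() from here; if it already escapes quotes and backslashes, a comment at the call, `/* str_sanitize() also escapes '"' and '\\', so the raw print is a valid YAML scalar */`, would record why the direct print is safe. print_bits_info continues past the end of the hunk.
```c
	_autofree_ char *name = str_sanitize(libevdev_get_name(dev));
	/* str_sanitize() strips control characters; '"' and '\\' still need
	 * escaping inside a YAML double-quoted scalar. */
	iprintf(fp, I_EVDEV, "name: \"");
	for (const char *p = name ? name : ""; *p; p++) {
		if (*p == '"' || *p == '\\')
			fputc('\\', fp);
		fputc(*p, fp);
	}
	fputs("\"\n", fp);
	/* … unchanged: id line and the rest of print_bits_info … */
```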
@@ -1934,7 +1936,8 @@ select_device(void)
 		if (rc != 0)
 			continue;
 
-		fprintf(stderr, "%s%s: %s\n", prefix, path, libevdev_get_name(device));
+		_autofree_ char *name = str_sanitize(libevdev_get_name(device));
+		fprintf(stderr, "%s%s: %s\n", prefix, path, name ? name : "");
 		libevdev_free(device);
 		available_devices++;
 	}
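Review bot: The `name ? name : ""` fallback in select_device (and the same pattern in both print_description hunks) silently lists a device with an empty name whenever str_sanitize() returns NULL, so a failed sanitize is indistinguishable from a device that really has no name. From this hunk I cannot tell whether NULL means allocation failure, a NULL input, or both; a short comment at the first use would record the intent, e.g. `/* str_sanitize() returns NULL on allocation failure; still list the device, with an empty name */`, once that is confirmed against the str_sanitize() definition. The enclosing loop in select_device starts before the hunk.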