From 7c49e6112d5b109755e6b2685f1fbfbaa29ec9e6 Mon Sep 17 00:00:00 2001
From: Peter Hutterer
Date: Mon, 1 Jun 2026 21:25:59 +1000
Subject: [PATCH] tools: sanitize device names in libinput-record YAML output

The device name was written directly into a YAML double-quoted string without sanitization. A malicious device name containing control characters or newlines can break the YAML structure, potentially causing parsers (libinput-replay, libinput-analyze-recording) to interpret injected YAML keys.

Use str_sanitize() to replace control characters before writing the name into the YAML output. This will also replace any % in the device name with % but... meh.

Assisted-by: Claude:claude-opus-4-6
Part-of:
---
 tools/libinput-record.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/tools/libinput-record.c b/tools/libinput-record.c
index ec4dfe0a..14231238 100644
--- a/tools/libinput-record.c
+++ b/tools/libinput-record.c
@@ -1519,7 +1519,8 @@ print_description(FILE *fp, struct libevdev *dev)
 break;
 }
 
- iprintf(fp, I_EVDEV, "# Name: %s\n", libevdev_get_name(dev));
+ _autofree_ char *name = str_sanitize(libevdev_get_name(dev));
+ iprintf(fp, I_EVDEV, "# Name: %s\n", name ? name : "");
 iprintf(fp,
 I_EVDEV,
 "# ID: bus 0x%04x%svendor 0x%04x product 0x%04x version 0x%04x\n",
@@ -1570,7 +1571,8 @@ print_description(FILE *fp, struct libevdev *dev)
 static void
 print_bits_info(FILE *fp, struct libevdev *dev)
 {
- iprintf(fp, I_EVDEV, "name: \"%s\"\n", libevdev_get_name(dev));
+ _autofree_ char *name = str_sanitize(libevdev_get_name(dev));
+ iprintf(fp, I_EVDEV, "name: \"%s\"\n", name ? name : "");
 iprintf(fp,
 I_EVDEV,
 "id: [%d, %d, %d, %d]\n",
@@ -1936,7 +1938,8 @@ select_device(void)
 if (rc != 0)
 continue;
 
- fprintf(stderr, "%s%s: %s\n", prefix, path, libevdev_get_name(device));
+ _autofree_ char *name = str_sanitize(libevdev_get_name(device));
+ fprintf(stderr, "%s%s: %s\n", prefix, path, name ? name : "");
 libevdev_free(device);
 available_devices++;
 }
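Review bot: The sanitized name on the `+ iprintf(fp, I_EVDEV, "name: \"%s\"\n", name ? name : "")` line is still dropped into a YAML double-quoted scalar without escaping, and if str_sanitize() only replaces control characters, as the commit message says, a device name containing `"` or `\` (for instance an unknown escape such as `\q`) will still terminate the scalar early or make libinput-replay's parser reject the recording. A YAML double-quoted scalar needs `\` and `"` written as `\\` and `\"`; the helper below applies that on top of str_sanitize() and is only required at this call site, because the `# Name:` line in print_description is a YAML comment the parser never interprets. The body of print_bits_info continues past the end of the hunk.

```c
/*
 * Escape a string for use inside a YAML double-quoted scalar: '\\' and
 * '"' are backslash-escaped. Control characters are expected to have been
 * replaced already (str_sanitize()). Returns a newly allocated string, or
 * NULL on allocation failure.
 */
static char *
yaml_dquote_escape(const char *s)
{
	size_t len = 0;
	for (const char *p = s; *p; p++)
		len += (*p == '"' || *p == '\\') ? 2 : 1;

	char *out = malloc(len + 1);
	if (!out)
		return NULL;

	char *q = out;
	for (const char *p = s; *p; p++) {
		if (*p == '"' || *p == '\\')
			*q++ = '\\';
		*q++ = *p;
	}
	*q = '\0';
	return out;
}

static void
print_bits_info(FILE *fp, struct libevdev *dev)
{
	/* str_sanitize() strips control characters; the YAML quoting rules
	 * additionally require '\\' and '"' to be escaped. */
	_autofree_ char *name = str_sanitize(libevdev_get_name(dev));
	_autofree_ char *escaped = yaml_dquote_escape(name ? name : "");
	iprintf(fp, I_EVDEV, "name: \"%s\"\n", escaped ? escaped : "");
	/* … unchanged: id: line and the rest of print_bits_info … */
```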
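Review bot: The `%` doubling that the commit message attributes to str_sanitize() is not needed at any of the three call sites: on the `+ fprintf(stderr, "%s%s: %s\n", prefix, path, name ? name : "")` line, as on the two YAML lines, the name is passed as a `%s` argument and never as a format string, so the interactive device list will print `%%` for every `%` in a device name, and the recorded `name:` value will presumably no longer match the kernel name that libinput-replay reproduces. If str_sanitize() has to keep doubling `%` for its other callers, a control-character-only variant for these three sites would avoid the mismatch; failing that, a comment on the declaration line such as `/* str_sanitize() also doubles '%', so the name shown may differ from the kernel's */` would save the next reader a trip to the helper. The commit message's "replace any % ... with %" also reads like a garbled "%%" and is worth correcting before merge. The loop in select_device begins before the hunk.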