This fixes a format string vulnerabilty.
evdev_log_message() composes a format string consisting of a fixed
prefix (including the rendered device name) and the passed-in format
buffer. This format string is then passed with the arguments to the
actual log handler, which usually and eventually ends up being printf.
If the device name contains a printf-style format directive, these ended
up in the format string and thus get interpreted correctly, e.g. for a
device "Foo%sBar" the log message vs printf invocation ends up being:
evdev_log_message(device, "some message %s", "some argument");
printf("event9 - Foo%sBar: some message %s", "some argument");
This can enable an attacker to execute malicious code with the
privileges of the process using libinput.
To exploit this, an attacker needs to be able to create a kernel device
with a malicious name, e.g. through /dev/uinput or a Bluetooth device.
To fix this, convert any potential format directives in the device name
by duplicating percentages.
Pre-rendering the device to avoid the issue altogether would be nicer
but the current log level hooks do not easily allow for this. The device
name is the only user-controlled part of the format string.
A second potential issue is the sysname of the device which is also
sanitized.
This issue was found by Albin Eldstål-Ahrens and Benjamin Svensson from
Assured AB, and independently by Lukas Lamster.
Fixes#752
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit a423d7d326)
Starting with meson v0.49.0, the "/" operator can be used instead of
join_paths.
Update meson to v0.49.0 and remove all calls to join_paths.
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
Valgrind can be too slow to run some time based tests. In those cases, we
need to disable hold gestures.
Add the required functions to configure hold gestures: enable, disable,
get default state and get current state.
Keep them private as they are intended to be used only from the tests.
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
This makes it easier to visualize changes in various axes or key states that
should not be there, doubly so for long recordings.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Just like the other python-based tools it's just a basename copy, so let's be
consistent here and have all tools perform that way.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
They all use the same configure_file() process, so let's do them all in a
loop.
Exceptions are the test-suite man page.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
The group names are forced by check (they are called suite names there) but
for our test suite they provide very little benefit. Much easier to just
use the filename a test is in as group name.
This removes the pure substring match for --filter-group, it's now fnmatch
only. group names are short enough that the typing isn't an issue and we don't
want to run tests twice (e.g. 'pad' is also in 'touchpad').
This patch caused #574 until it got fixed in d838e3a3a4
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Users that need to create the local-overrides.quirks are sometimes hesitant to
do so because /etc/libinput doesn't exist by default. Let's create it on
install.
Related #568
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
The kernel/udev set the pressure resolution to nonzero to indicate the value
is in a known scale (units/g). We use that information to disable the
pressure axis on such devices - real pressure cannot be translated to
contact size.
For the kernel patch see:
https://www.spinics.net/lists/linux-input/msg71237.htmlFixes#569
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
This touchpad is a true pressurepad and the pressure axis gives us physical
pressure down. Using it as contact size gives flaky touch detection, so let's
just disable the axis until we do something with that value.
Fixes#562
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
The latter requires libevdev 1.10 but since that'll take a while to filter
into our various CI systems, let's make it conditional.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Currently unused, but let's get this in because we may need this very soon for
broken tablets.
Enabling EV_ABS axes requires an absinfo struct - we default to a simple 0-1
axis range for those as the most generic option. Anything more custom will
need more custom treatment when we need it.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
These seem like a decent-enough set to have, only -Wlogical-op actually
produced a new warning.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
install_subdir() by default also copies the 'quirks' directory, resulting in
the quirks files being in <datadir>/libinput/quirks/*.quirks as opposed to the
previous <datadir>/libinput/*.quirks.
Fixes 727dc44b04
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
This removes the need to check whether the files were added in meson.build but
requires litest to traverse the source dir now.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
If we know that the tablet mode switch is bogus anyway, filter the event and
don't pass it to the caller. They won't know whether it's bogus so the only
result we get here is buggy behaviour.
This is the simplest solution here, it filters the mode switch at the lowest
level and thus the caller won't know that the tablet even has a mode switch at
all. Where the device doesn't have any other switches it'll also lose the
switch capability.
This may cause issues in some niche cases where the event node only has
that one bit and we now disabled it leaving us with a zero-event bit device.
Shouldn't matter to callers, but let's see.
Fixes#491
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Replacement for the touchpad-edge-detector tool with a slightly more
expressive design, hopefully cutting down on some of the bug reports.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
