libinput/test
Peter Hutterer 04f22107e1 evdev: strip the device name of format directives
This fixes a format string vulnerability.

evdev_log_message() composes a format string consisting of a fixed
prefix (including the rendered device name) and the passed-in format
buffer. This format string is then passed with the arguments to the
actual log handler, which usually and eventually ends up being printf.

If the device name contains a printf-style format directive, these ended
up in the format string and thus get interpreted correctly, e.g. for a
device "Foo%sBar" the log message vs printf invocation ends up being:
  evdev_log_message(device, "some message %s", "some argument");
  printf("event9 - Foo%sBar: some message %s", "some argument");

This can enable an attacker to execute malicious code with the
privileges of the process using libinput.

To exploit this, an attacker needs to be able to create a kernel device
with a malicious name, e.g. through /dev/uinput or a Bluetooth device.

To fix this, convert any potential format directives in the device name
by duplicating percentages.

Pre-rendering the device to avoid the issue altogether would be nicer
but the current log level hooks do not easily allow for this. The device
name is the only user-controlled part of the format string.

A second potential issue is the sysname of the device which is also
sanitized.

This issue was found by Albin Eldstål-Ahrens and Benjamin Svensson from
Assured AB, and independently by Lukas Lamster.

Fixes #752

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit a423d7d326)
2022-04-20 13:39:27 +10:00
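
The escaping described in the commit message above, as an added example that is not libinput's code: `escape_percent` and `render_device_log` are hypothetical names, and the buffer sizes and the "sysname - name: " prefix layout are assumptions based on the printf line quoted in the message. It shows the device name and sysname having their percent signs doubled before they are joined with the caller's format string, so only the caller's own directives consume arguments.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src to dst with every '%' doubled; -1 if dst is too small. */
static int escape_percent(char *dst, size_t dstlen, const char *src)
{
	size_t o = 0;
	if (dstlen == 0)
		return -1;
	for (; *src; src++) {
		size_t need = (*src == '%') ? 2 : 1;
		if (o + need >= dstlen) /* keep room for the NUL */
			return -1;
		if (*src == '%')
			dst[o++] = '%';
		dst[o++] = *src;
	}
	dst[o] = '\0';
	return 0;
}

/* Hypothetical log path: prefix + caller format become the format string for the args. */
static int render_device_log(char *out, size_t outlen, const char *sysname,
			     const char *name, const char *format, ...)
{
	char safe_sys[64], safe_name[512], fmt[1024];
	va_list args;
	int n;
	if (escape_percent(safe_sys, sizeof(safe_sys), sysname) < 0 ||
	    escape_percent(safe_name, sizeof(safe_name), name) < 0)
		return -1; /* fail closed instead of logging a truncated name */
	n = snprintf(fmt, sizeof(fmt), "%s - %s: %s", safe_sys, safe_name, format);
	if (n < 0 || (size_t)n >= sizeof(fmt))
		return -1;
	va_start(args, format);
	n = vsnprintf(out, outlen, fmt, args);
	va_end(args);
	return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
	char line[256]; /* constructed input: the device name from the commit message */
	if (render_device_log(line, sizeof(line), "event9", "Foo%sBar",
			      "some message %s", "some argument") == 0)
		puts(line); /* the %s in the name is printed literally */
	return 0;
}
```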
..
50-litest.conf test: rename the identifier in the 50-litest.conf 2020-07-15 09:36:48 +10:00
build-cxx.cc meson.build: drop the separate cpp flags 2020-09-09 13:57:39 +10:00
build-pedantic.c Fix a couple of coding style issues 2015-05-01 12:09:57 +10:00
check-double-macros.h Add the ck_double_eq_tol() macros to the backwards compat headers 2019-08-08 13:58:54 +10:00
check-leftover-udev-rules.sh test: add a script to check for leftover litest rules 2018-03-23 12:41:23 +10:00
generate-gcov-report.sh Hook up gcov for coverage reports 2017-01-20 10:35:37 +10:00
helper-copy-and-exec-from-tmp.sh tools: move the builddir lookup function out to a separate file 2019-03-14 11:28:05 +10:00
libinput-test-suite.man test: rename the identifier in the 50-litest.conf 2020-07-15 09:36:48 +10:00
litest-device-absinfo-override.c test: add a test case for checking EVDEV_ABS overrides 2020-02-12 21:22:01 +10:00
litest-device-acer-hawaii-keyboard.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-acer-hawaii-touchpad.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-aiptek-tablet.c test: mark the tablets that require forced prox out as such 2020-02-13 04:53:27 +00:00
litest-device-alps-3fg.c touchpad: correct a wrong slot count by the kernel 2020-01-29 15:58:49 +10:00
litest-device-alps-dualpoint.c test: fix the input_id struct for the ALPS touchpad 2018-06-14 15:22:38 +10:00
litest-device-alps-semi-mt.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-anker-mouse-kbd.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-apple-appletouch.c test: fix a test device section name 2018-06-14 15:54:02 +10:00
litest-device-apple-internal-keyboard.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-apple-magicmouse.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-asus-rog-gladius.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-atmel-hover.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-bcm5974.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-calibrated-touchscreen.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-cyborg-rat-5.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-dell-canvas-totem-touch.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-dell-canvas-totem.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-elan-tablet.c test: set the elan test device to always double up on tool bits 2020-09-22 17:35:41 +10:00
litest-device-elantech-touchpad.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-format-string.c evdev: strip the device name of format directives 2022-04-20 13:39:27 +10:00
litest-device-generic-pressurepad.c touchpad: disable the pressure axes wherever the resolution is nonzero 2021-02-08 03:38:26 +00:00
litest-device-generic-singletouch.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-gpio-keys.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-hp-wmi-hotkeys.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-huion-pentablet.c test: auto-assign the tool type for tablet tests 2020-09-22 17:35:41 +10:00
litest-device-ignored-mouse.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-keyboard-all-codes.c test: let the device custom create method return a bool 2019-03-22 16:23:17 +10:00
litest-device-keyboard-quirked.c quirks: add AttrInputPropEnable and Disable 2020-10-23 13:35:50 +10:00
litest-device-keyboard-razer-blackwidow.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-keyboard-razer-blade-stealth-videoswitch.c Merge branch 'wip/litest-use-sections-for-tests-v2' 2017-09-25 14:35:46 +10:00
litest-device-keyboard-razer-blade-stealth.c Merge branch 'wip/litest-use-sections-for-tests-v2' 2017-09-25 14:35:46 +10:00
litest-device-keyboard.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-lid-switch-surface3.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-lid-switch.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-logitech-media-keyboard-elite.c test: add two test devices for the false joystick labelling 2020-08-13 11:02:33 +10:00
litest-device-logitech-trackball.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-magic-trackpad.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-mouse-low-dpi.c High-resolution scroll wheel support 2021-08-31 08:45:01 +02:00
litest-device-mouse-roccat.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-mouse-wheel-click-angle.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-mouse-wheel-click-count.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-mouse-wheel-tilt.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-mouse.c High-resolution scroll wheel support 2021-08-31 08:45:01 +02:00
litest-device-ms-nano-transceiver-mouse.c Remove some duplicate empty lines 2018-04-16 15:14:23 +10:00
litest-device-ms-surface-cover.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-nexus4-touch-screen.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-protocol-a-touch-screen.c test: fix the ABS_Y handling for the Protocol A test device 2020-07-09 09:50:49 +10:00
litest-device-qemu-usb-tablet.c test: make the custom touch override methods filter-able 2020-01-29 15:58:49 +10:00
litest-device-sony-vaio-keys.c test: add two test devices for the false joystick labelling 2020-08-13 11:02:33 +10:00
litest-device-synaptics-hover.c udev: drop the JUMPING_SEMI_MT quirk, no-one uses it 2018-05-31 13:09:37 +10:00
litest-device-synaptics-i2c.c Switch from udev property parsing to the quirks system 2018-06-08 14:37:22 +10:00
litest-device-synaptics-pressurepad.c touchpad: disable the pressure axes wherever the resolution is nonzero 2021-02-08 03:38:26 +00:00
litest-device-synaptics-rmi4.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-synaptics-st.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-synaptics-t440.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-synaptics-x1-carbon-3rd.c Switch from udev property parsing to the quirks system 2018-06-08 14:37:22 +10:00
litest-device-synaptics-x220.c test: rename the x220 clickpad to something more telling 2018-08-07 10:00:40 +10:00
litest-device-tablet-mode-switch.c evdev: filter unreliable tablet mode switch events 2020-06-03 22:32:56 +00:00
litest-device-thinkpad-extrabuttons.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-touch-screen.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-touchscreen-fuzz.c udev: re-instate the model-quirks callout 2018-09-10 15:57:27 +10:00
litest-device-touchscreen-invalid-range.c test: remove unsupported events from the invalid-range touchscreen test device 2018-07-16 10:37:42 +10:00
litest-device-touchscreen-mt-tool.c fallback: add support for ABS_MT_TOOL_TYPE for touch screens 2018-08-03 14:21:18 +10:00
litest-device-trackpoint.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-uclogic-tablet.c test: mark the tablets that require forced prox out as such 2020-02-13 04:53:27 +00:00
litest-device-vmware-virtual-usb-mouse.c test: make the custom touch override methods filter-able 2020-01-29 15:58:49 +10:00
litest-device-wacom-bamboo-2fg-finger.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-wacom-bamboo-2fg-pad.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-wacom-bamboo-2fg-pen.c test: auto-assign the tool type for tablet tests 2020-09-22 17:35:41 +10:00
litest-device-wacom-bamboo-16fg-pen.c test: auto-assign the tool type for tablet tests 2020-09-22 17:35:41 +10:00
litest-device-wacom-cintiq-12wx-pen.c test: auto-assign the tool type for tablet tests 2020-09-22 17:35:41 +10:00
litest-device-wacom-cintiq-13hdt-finger.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-wacom-cintiq-13hdt-pad.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-wacom-cintiq-13hdt-pen.c test: auto-assign the tool type for tablet tests 2020-09-22 17:35:41 +10:00
litest-device-wacom-cintiq-24hd-pen.c test: auto-assign the tool type for tablet tests 2020-09-22 17:35:41 +10:00
litest-device-wacom-cintiq-24hdt-pad.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-wacom-cintiq-pro-16-finger.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-wacom-cintiq-pro-16-pad.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-wacom-cintiq-pro-16-pen.c test: auto-assign the tool type for tablet tests 2020-09-22 17:35:41 +10:00
litest-device-wacom-ekr.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-wacom-hid4800-pen.c test: auto-assign the tool type for tablet tests 2020-09-22 17:35:41 +10:00
litest-device-wacom-intuos3-pad.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-wacom-intuos5-finger.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-wacom-intuos5-pad.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-wacom-intuos5-pen.c test: auto-assign the tool type for tablet tests 2020-09-22 17:35:41 +10:00
litest-device-wacom-isdv4-4200-pen.c test: auto-assign the tool type for tablet tests 2020-09-22 17:35:41 +10:00
litest-device-wacom-isdv4-e6-finger.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-device-wacom-isdv4-e6-pen.c test: auto-assign the tool type for tablet tests 2020-09-22 17:35:41 +10:00
litest-device-wacom-mobilestudio-pro-pad.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-waltop-tablet.c test: auto-assign the tool type for tablet tests 2020-09-22 17:35:41 +10:00
litest-device-wheel-only.c test: auto-generate the udev rules 2019-06-14 08:52:58 +10:00
litest-device-xen-virtual-pointer.c test: make the custom touch override methods filter-able 2020-01-29 15:58:49 +10:00
litest-device-yubikey.c test: switch to a TEST_DEVICE macro for all the litest test devices 2017-09-21 15:06:17 +10:00
litest-int.h test: wrap the litest user data into a struct 2021-02-12 11:04:57 +10:00
litest-selftest.c Fix a few coverity complaints 2020-11-10 14:27:22 +10:00
litest.c test: add kernel bugs to log handler 2021-09-27 22:43:22 +00:00
litest.h evdev: strip the device name of format directives 2022-04-20 13:39:27 +10:00
symbols-leak-test test: tidy up the symbols leak test 2018-07-12 11:09:00 +10:00
test-builddir-lookup.c tools: move the builddir lookup function out to a separate file 2019-03-14 11:28:05 +10:00
test-device.c use ARRAY_FOR_EACH when traverse array 2021-09-12 15:58:16 +00:00
test-gestures.c High-resolution scroll wheel support 2021-08-31 08:45:01 +02:00
test-keyboard.c test: drop the custom group names 2021-02-12 15:24:15 +10:00
test-library-version.c test: split the library version test out 2019-03-14 11:28:05 +10:00
test-log.c test: use a plain libinput context for the log priority check 2021-10-19 13:05:00 +10:00
test-misc.c libinput: add hold to get base event 2021-09-24 19:06:53 +02:00
test-pad.c test: drop the custom group names 2021-02-12 15:24:15 +10:00
test-path.c evdev: remove device when it is gone 2021-06-21 10:41:19 +00:00
test-pointer.c fallback: hires scroll heuristics for buggy devices 2021-09-27 22:43:22 +00:00
test-quirks.c test: Add test for parsing of boolean quirk attributes. 2021-07-30 06:11:20 -07:00
test-switch.c High-resolution scroll wheel support 2021-08-31 08:45:01 +02:00
test-tablet.c gestures: add hold gesture implementation 2021-06-09 01:18:58 +00:00
test-totem.c test: drop the custom group names 2021-02-12 15:24:15 +10:00
test-touch.c test: drop the custom group names 2021-02-12 15:24:15 +10:00
test-touchpad-buttons.c Replace fallthrough comments with __attribute__((fallthrough)) 2021-07-22 23:14:43 +00:00
test-touchpad-tap.c High-resolution scroll wheel support 2021-08-31 08:45:01 +02:00
test-touchpad.c touchpad: fix leak when the touchpad is removed before the dwt keyboard 2021-09-15 09:03:21 +10:00
test-trackball.c test: drop the custom group names 2021-02-12 15:24:15 +10:00
test-trackpoint.c High-resolution scroll wheel support 2021-08-31 08:45:01 +02:00
test-udev.c test: create devices for our udev seat checks 2021-08-09 10:50:25 +10:00
test-util-includes.c Split utility functions into separate source files 2019-09-11 12:23:04 +10:00
test-utils.c evdev: strip the device name of format directives 2022-04-20 13:39:27 +10:00
valgrind.suppressions test: grab the device before any lid or tablet mode switches 2020-07-07 18:51:33 +10:00