fdo-mirrors/libinput
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/libinput/libinput.git synced 2026-06-18 13:08:24 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
libinput/udev
History
Peter Hutterer f5ac1e51ff libinput-device-group: sanitize phys before printing it 
A malicious uinput device could set the phys value (via UI_SET_PHYS)
to contain a '\n'. When the value is printed as part of the device group
the udev rules will interpret it as separate property.

Depending on the property this can cause local privilege escalation.

Closes #1296

Found-by: Csome
(cherry picked from commit 76f0d8a7f5)

Part-of: <https://gitlab.freedesktop.org/libinput/libinput/-/merge_requests/1488>
2026-06-04 10:29:46 +10:00
..
80-libinput-device-groups.rules.in udev: update rules to handle bind/unbind events 2020-11-24 23:47:31 +00:00
90-libinput-fuzz-override.rules.in udev: update rules to handle bind/unbind events 2020-11-24 23:47:31 +00:00
libinput-device-group.c libinput-device-group: sanitize phys before printing it 2026-06-04 10:29:46 +10:00
libinput-fuzz-extract.c Run clang-format over the code 2025-07-01 16:42:44 +10:00
libinput-fuzz-to-zero.c Run clang-format over the code 2025-07-01 16:42:44 +10:00