fdo-mirrors/libinput
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/libinput/libinput.git synced 2026-06-10 02:08:20 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
libinput/udev
History
Peter Hutterer 76f0d8a7f5 libinput-device-group: sanitize phys before printing it 
A malicious uinput device could set the phys value (via UI_SET_PHYS)
to contain a '\n'. When the value is printed as part of the device group
the udev rules will interpret it as separate property.

Depending on the property this can cause local privilege escalation.

Closes #1296

Found-by: Csome
Part-of: <https://gitlab.freedesktop.org/libinput/libinput/-/merge_requests/1487>
2026-06-04 08:43:10 +10:00
..
80-libinput-device-groups.rules.in udev: update rules to handle bind/unbind events 2020-11-24 23:47:31 +00:00
90-libinput-fuzz-override.rules.in udev: update rules to handle bind/unbind events 2020-11-24 23:47:31 +00:00
libinput-device-group.c libinput-device-group: sanitize phys before printing it 2026-06-04 08:43:10 +10:00
libinput-fuzz-extract.c udev: use xclose() instead of close() 2026-04-22 04:53:13 +00:00
libinput-fuzz-to-zero.c udev: use xclose() instead of close() 2026-04-22 04:53:13 +00:00