mirror of
https://gitlab.freedesktop.org/xorg/xserver.git
synced 2025-12-25 10:40:06 +01:00
It is not safe to ever use an arbitrary (possibly user supplied) string as
part of the format for a *sprintf() call.
For example:
1. Name a Bluetooth keyboard "%n%n%n%n%n%n%n%n"
2. Pair it with a computer running X and try to use it
3. X is not happy when trying to do the following in xf86-input-evdev:
xf86IDrvMsg(pInfo, X_CONFIG, "Device: \"%s\"\n", device);
because LogVHdrMessageVerb() has put the %n from the device name
into a format string of the form:
"evdev: %n%n%n%n%n%n%n%n: Device: \"%s\"\n"
Instead, build up a log message in place by appending successive formatted
strings by snprintf'ing to the end of the previous.
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit
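The bug class the commit describes, shown side by side as an added example (this is illustrative code written for this page, not xserver's LogVHdrMessageVerb or the actual patch). xf86_msg_vulnerable splices the driver and device names into the format string and hands the result to vsnprintf, so any '%' in an attacker-chosen device name is parsed as a conversion; xf86_msg_safe instead formats each piece with a fixed format and appends it to the end of the previous output, so untrusted text only ever travels through a %s argument. The function names, the 8-byte truncation helper and the device name "BT Keyboard 100%% real" are constructed for the demo; "%%" is used instead of "%n" so the vulnerable path misbehaves deterministically (it eats a '%') rather than writing through a nonexistent pointer argument.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOGBUF_SIZE 256

/* VULNERABLE (hypothetical name, mirrors the pattern the commit removes):
 * driver name, device name and the caller's format are glued into ONE format
 * string that vsnprintf then interprets.  A device name such as "%n%n%n%n"
 * becomes part of the format and would write through missing arguments. */
static int xf86_msg_vulnerable(char *out, size_t outlen, const char *driver,
                               const char *devname, const char *fmt, ...)
{
    char format[LOGBUF_SIZE];
    va_list ap;
    int n;

    snprintf(format, sizeof format, "%s: %s: %s", driver, devname, fmt);
    va_start(ap, fmt);
    n = vsnprintf(out, outlen, format, ap);   /* untrusted bytes in the format */
    va_end(ap);
    return n;
}

/* Append one formatted piece at *pos.  *pos is clamped to outlen-1 on
 * truncation, so later appends land on the terminating NUL and write nothing
 * but another NUL; the buffer can never be overrun. */
static void log_vappendf(char *out, size_t outlen, size_t *pos,
                         const char *fmt, va_list ap)
{
    int n;

    if (*pos >= outlen)
        return;
    n = vsnprintf(out + *pos, outlen - *pos, fmt, ap);
    if (n < 0)
        return;
    *pos = ((size_t)n < outlen - *pos) ? *pos + (size_t)n : outlen - 1;
}

static void log_appendf(char *out, size_t outlen, size_t *pos, const char *fmt, ...)
{
    va_list ap;

    va_start(ap, fmt);
    log_vappendf(out, outlen, pos, fmt, ap);
    va_end(ap);
}

/* HARDENED (hypothetical name): every format string here is a compile-time
 * literal; driver and device names are only ever %s arguments. */
static int xf86_msg_safe(char *out, size_t outlen, const char *driver,
                         const char *devname, const char *fmt, ...)
{
    va_list ap;
    size_t pos = 0;

    if (outlen == 0)
        return 0;
    out[0] = '\0';
    log_appendf(out, outlen, &pos, "%s: ", driver);
    log_appendf(out, outlen, &pos, "%s: ", devname);
    va_start(ap, fmt);
    log_vappendf(out, outlen, &pos, fmt, ap);   /* fmt is the caller's literal */
    va_end(ap);
    return (int)pos;
}

/* Constructed scenario: an evdev device whose (attacker-chosen) name contains
 * "%%".  Returns a static buffer with the message the chosen formatter built. */
const char *format_device_msg(int hardened)
{
    static char out[LOGBUF_SIZE];
    const char *devname = "BT Keyboard 100%% real";   /* constructed input */

    if (hardened)
        xf86_msg_safe(out, sizeof out, "evdev", devname,
                      "Device: \"%s\"\n", "/dev/input/event3");
    else
        xf86_msg_vulnerable(out, sizeof out, "evdev", devname,
                            "Device: \"%s\"\n", "/dev/input/event3");
    return out;
}

/* Same message through the hardened path into an 8-byte buffer: output is
 * truncated to "evdev: " and stays NUL-terminated. */
const char *format_device_msg_small(void)
{
    static char out[8];

    xf86_msg_safe(out, sizeof out, "evdev", "BT Keyboard 100%% real",
                  "Device: \"%s\"\n", "/dev/input/event3");
    return out;
}

int main(void)
{
    printf("vulnerable: %s", format_device_msg(0));
    printf("hardened:   %s", format_device_msg(1));
    printf("truncated:  [%s]\n", format_device_msg_small());
    return 0;
}
```

The vulnerable path prints the device name as "BT Keyboard 100% real": the "%%" was consumed as a conversion, which is exactly the evidence that the name reached vsnprintf as format text rather than as data. The hardened path preserves the name byte for byte, and the same append helper keeps working when the buffer is too small.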