XLibre/xf86-video-intel
1
0
Fork 0
mirror of https://github.com/X11Libre/xf86-video-intel.git synced 2026-03-24 01:24:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

backlight: Fix security issues in handling of the interface path name.

Browse Source 
- don't allow '/' in the interface name to avoid escaping the /sys
  hierarchy
- check snprintf() return value for overflow.

Problems reported by  Adam Sampson. Thanks.

Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Reviewed-by: Hans de Goede <hdegoede@redhat.com>
This commit is contained in:
Matthieu Herrb
2014-07-04 18:26:09 +02:00
committed by Chris Wilson
parent 6a64a3ae55
commit 8fa22964f6
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
tools/backlight_helper.c
View File

@@ -17,7 +17,15 @@ int main(int argc, char *argv[])
return 1;
}
snprintf(buf, sizeof(buf), "/sys/class/backlight/%s/brightness", argv[1]);
if (strchr(argv[1], '/') != NULL) {
fprintf(stderr, "Invalid interface name\n");
return 1;
}
if (snprintf(buf, sizeof(buf), "/sys/class/backlight/%s/brightness",
argv[1]) >= sizeof(buf)) {
fprintf(stderr, "Interface name is too long\n");
return 1;
}
fd = open(buf, O_RDWR);
if (fd < 0 || fstat(fd, &st) || major(st.st_dev)) {
fprintf(stderr, "Cannot access backlight interface '%s'\n", argv[1]);