xf86-video-intel: tools/backlight_helper.c
Chris Wilson
ickle at kemper.freedesktop.org
Fri Jul 4 12:34:28 PDT 2014
tools/backlight_helper.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
New commits:
commit 8fa22964f69d3ec8700f177dd7cb3cbc396a9f35
Author: Matthieu Herrb <matthieu at herrb.eu>
Date: Fri Jul 4 18:26:09 2014 +0200
backlight: Fix security issues in handling of the interface path name.
- don't allow '/' in the interface name to avoid escaping the /sys
hierarchy
- check snprintf() return value for overflow.
Problems reported by Adam Sampson. Thanks.
Signed-off-by: Matthieu Herrb <matthieu at herrb.eu>
Reviewed-by: Reviewed-by: Hans de Goede <hdegoede at redhat.com>
diff --git a/tools/backlight_helper.c b/tools/backlight_helper.c
index 11abebc..24958ec 100644
--- a/tools/backlight_helper.c
+++ b/tools/backlight_helper.c
@@ -17,7 +17,15 @@ int main(int argc, char *argv[])
return 1;
}
- snprintf(buf, sizeof(buf), "/sys/class/backlight/%s/brightness", argv[1]);
+ if (strchr(argv[1], '/') != NULL) {
+ fprintf(stderr, "Invalid interface name\n");
+ return 1;
+ }
+ if (snprintf(buf, sizeof(buf), "/sys/class/backlight/%s/brightness",
+ argv[1]) >= sizeof(buf)) {
+ fprintf(stderr, "Interface name is too long\n");
+ return 1;
+ }
fd = open(buf, O_RDWR);
if (fd < 0 || fstat(fd, &st) || major(st.st_dev)) {
fprintf(stderr, "Cannot access backlight interface '%s'\n", argv[1]);
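Review bot: the strchr(argv[1], '/') test still accepts "." and ".." as the interface name, so ".." builds "/sys/class/backlight/../brightness", which resolves outside the backlight directory. Suggest also rejecting an empty name and any name that begins with '.' before the snprintf() call. In the snprintf() check, the int return value is compared against sizeof(buf), which is a size_t. A negative error return is only caught because it converts to a large unsigned value, so writing the test as len < 0 || (size_t)len >= sizeof(buf) would state the intent and avoid a sign-compare warning. All nine added lines are in this hunk, so no include is added for strchr(); please confirm the file already includes <string.h>.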