[PATCH libevdev 2/2] uinput: change strcpy/strcat usage for snprintf

Peter Hutterer peter.hutterer at who-t.net
Thu Jun 19 16:26:33 PDT 2014


Better protection against buffer overflow, though by the time someone
is manipulating your sysfs, libevdev is unlikely to be the biggest worry.

Slight change in functionality: before we checked the timestamp of
/sys/devices/virtual/input/inputXYZ before looking at /inputXYZ/name, now we
just check the name file for the timestamp.

Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
---
 libevdev/libevdev-uinput.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/libevdev/libevdev-uinput.c b/libevdev/libevdev-uinput.c
index f8607d1..e8419e6 100644
--- a/libevdev/libevdev-uinput.c
+++ b/libevdev/libevdev-uinput.c
@@ -218,8 +218,12 @@ fetch_syspath_and_devnode(struct libevdev_uinput *uinput_dev)
 		int fd, len;
 		struct stat st;
 
-		strcpy(buf, SYS_INPUT_DIR);
-		strcat(buf, namelist[i]->d_name);
+		rc = snprintf(buf, sizeof(buf), "%s%s/name",
+			      SYS_INPUT_DIR,
+			      namelist[i]->d_name);
+		if (rc < 0 || (size_t)rc >= sizeof(buf)) {
+			continue;
+		}
 
 		if (stat(buf, &st) == -1)
 			continue;
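Review bot: The `stat(buf, &st)` at the end of this hunk and the `open(buf, O_RDONLY)` in the next hunk resolve the same path in two separate lookups, so the file whose timestamp is checked is not guaranteed to be the file that is read. Because both calls now target the `name` file, the open could come first and the check become `fstat(fd, &st)`, with a `close(fd)` before each `continue` that follows it. That removes the check-then-open window and saves one path lookup. The timestamp comparison between the two calls lies outside the hunk, so the exact placement needs confirming against the full function.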
@@ -230,7 +234,6 @@ fetch_syspath_and_devnode(struct libevdev_uinput *uinput_dev)
 			continue;
 
 		/* created within time frame */
-		strcat(buf, "/name");
 		fd = open(buf, O_RDONLY);
 		if (fd < 0)
 			continue;
@@ -247,8 +250,14 @@ fetch_syspath_and_devnode(struct libevdev_uinput *uinput_dev)
 				log_info(NULL, "multiple identical devices found. syspath is unreliable\n");
 				break;
 			} else {
-				strcpy(buf, SYS_INPUT_DIR);
-				strcat(buf, namelist[i]->d_name);
+				rc = snprintf(buf, sizeof(buf), "%s%s",
+					      SYS_INPUT_DIR,
+					      namelist[i]->d_name);
+				if (rc < 0 || (size_t)rc >= sizeof(buf)) {
+					log_error(NULL, "Invalid syspath, syspath is unreliable\n");
+					break;
+				}
+
 				uinput_dev->syspath = strdup(buf);
 				uinput_dev->devnode = fetch_device_node(buf);
 			}
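Review bot: The new truncation check covers the `snprintf`, but the result of `strdup(buf)` on the following context line is still stored in `uinput_dev->syspath` unchecked, so an allocation failure leaves it NULL while `fetch_device_node(buf)` still runs. Adding `if (uinput_dev->syspath == NULL) break;` directly after the `strdup` would treat both failure paths in this branch the same way. How callers handle a NULL syspath is not visible here, since the function continues outside the hunk.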
-- 
1.9.3


