[PATCH xserver 2/3] Xi: check request size for xXIAllowEvents based on client version
Peter Hutterer
peter.hutterer at who-t.net
Thu Jan 26 21:50:46 PST 2012
This request got 4 bytes added in XI 2.2.
Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
---
Xi/xiallowev.c | 19 ++++++++++++++++++-
1 files changed, 18 insertions(+), 1 deletions(-)
diff --git a/Xi/xiallowev.c b/Xi/xiallowev.c
index 5d3116d..aadcf62 100644
--- a/Xi/xiallowev.c
+++ b/Xi/xiallowev.c
@@ -41,6 +41,7 @@
#include <X11/extensions/XI2proto.h>
#include "exglobals.h" /* BadDevice */
+#include "exevents.h"
#include "xiallowev.h"
int
@@ -102,9 +103,22 @@ ProcXIAllowEvents(ClientPtr client)
DeviceIntPtr dev;
int ret = Success;
uint32_t touchid;
+ XIClientPtr xi_client;
+ int has_xi22 = FALSE;
REQUEST(xXIAllowEventsReq);
- /* FIXME: check request length, 12 for XI 2.0+, 16 for XI 2.2+ */
+
+ xi_client = dixLookupPrivate(&client->devPrivates, XIClientPrivateKey);
+ if (!xi_client)
+ return BadRequest;
+
+ if (version_compare(xi_client->major_version,
+ xi_client->minor_version, 2, 2) >= 0)
+ {
+ has_xi22 = TRUE;
+ REQUEST_AT_LEAST_SIZE(xXIAllowEventsReq);
+ } else
+ REQUEST_SIZE_MATCH(xXIAllowEventsReq);
ret = dixLookupDevice(&dev, stuff->deviceid, client, DixGetAttrAccess);
if (ret != Success)
@@ -136,6 +150,9 @@ ProcXIAllowEvents(ClientPtr client)
break;
case XIRejectTouch:
case XIAcceptTouch:
+ if (!has_xi22)
+ return BadValue;
+
touchid = *(uint32_t*)&stuff[1];
ret = AllowTouch(client, dev,
stuff->mode, touchid,
--
1.7.7.5
More information about the xorg-devel
mailing list