[PATCH] os: restrict display names to digits
Peter Hutterer
peter.hutterer at who-t.net
Mon Jan 13 16:18:38 PST 2014
We call atoi() on the server's display to get the socket but otherwise use the
unmodified display for log file name, xkb paths, etc. This results in
Xorg :banana being the equivalent of Xorg :0, except for the log files being
in /var/log/Xorg.banana.log. I'm not sure there's a good use-case for this
behaviour.
Check the display for something that looks reasonable, i.e. digits only, but
do allow for :0.0 (i.e. digits, followed by a period, followed by one or two
digits).
Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
---
os/utils.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/os/utils.c b/os/utils.c
index 608ee6a..3b20a5c 100644
--- a/os/utils.c
+++ b/os/utils.c
@@ -600,6 +600,10 @@ UseMsg(void)
static int
VerifyDisplayName(const char *d)
{
+ int i;
+ int period_found = FALSE;
+ int after_period = 0;
+
if (d == (char *) 0)
return 0; /* null */
if (*d == '\0')
@@ -610,6 +614,29 @@ VerifyDisplayName(const char *d)
return 0; /* must not equal "." or ".." */
if (strchr(d, '/') != (char *) 0)
return 0; /* very important!!! */
+
+ /* Since we run atoi() on the display later, only allow
+ for digits, or exception of :0.0 and similar (two decimal points max)
+ */
+ for (i = 0; i < strlen(d); i++) {
+ if (!isdigit(d[i])) {
+ if (d[i] != '.' || period_found)
+ return 0;
+ period_found = TRUE;
+ } else if (period_found)
+ after_period++;
+
+ if (after_period > 2)
+ return 0;
+ }
+
+ /* don't allow for :0. */
+ if (period_found && after_period == 0)
+ return 0;
+
+ if (atol(d) > INT_MAX)
+ return 0;
+
return 1;
}
--
1.8.4.2
More information about the xorg-devel
mailing list