xf86-video-intel: tools/backlight_helper.c

Chris Wilson ickle at kemper.freedesktop.org
Fri Jul 4 12:34:28 PDT 2014


 tools/backlight_helper.c |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

New commits:
commit 8fa22964f69d3ec8700f177dd7cb3cbc396a9f35
Author: Matthieu Herrb <matthieu at herrb.eu>
Date:   Fri Jul 4 18:26:09 2014 +0200

    backlight: Fix security issues in handling of the interface path name.
    
    - don't allow '/' in the interface name to avoid escaping the /sys
      hierarchy
    - check snprintf() return value for overflow.
    
    Problems reported by Adam Sampson. Thanks.
    
    Signed-off-by: Matthieu Herrb <matthieu at herrb.eu>
    Reviewed-by: Hans de Goede <hdegoede at redhat.com>

diff --git a/tools/backlight_helper.c b/tools/backlight_helper.c
index 11abebc..24958ec 100644
--- a/tools/backlight_helper.c
+++ b/tools/backlight_helper.c
@@ -17,7 +17,15 @@ int main(int argc, char *argv[])
 		return 1;
 	}
 
-	snprintf(buf, sizeof(buf), "/sys/class/backlight/%s/brightness", argv[1]);
+	if (strchr(argv[1], '/') != NULL) {
+		fprintf(stderr, "Invalid interface name\n");
+		return 1;
+	}
+	if (snprintf(buf, sizeof(buf), "/sys/class/backlight/%s/brightness",
+		argv[1]) >= sizeof(buf)) {
+		fprintf(stderr, "Interface name is too long\n");
+		return 1;
+	}
 	fd = open(buf, O_RDWR);
 	if (fd < 0 || fstat(fd, &st) || major(st.st_dev)) {
 		fprintf(stderr, "Cannot access backlight interface '%s'\n", argv[1]);
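Review bot: The overflow test `argv[1]) >= sizeof(buf)` compares snprintf()'s int return value against a size_t, so a negative error return is only caught because it converts to a huge unsigned value, and it is then reported as "Interface name is too long". Storing the result in an int and testing `len < 0 || (size_t)len >= sizeof(buf)` makes both cases explicit and avoids the signed/unsigned comparison warning. On the strchr() check: rejecting '/' stops multi-component traversal, but an argv[1] of "..", "." or the empty string still passes and yields paths such as /sys/class/backlight/../brightness, leaving the later `major(st.st_dev)` test as the only guard; rejecting those three values next to the '/' check would close that. The hunk also starts using strchr() without showing an include change, so confirm <string.h> is already included in this file.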

