[PATCH] xf86: fix flush input to work with Linux evdev devices.

Peter Hutterer peter.hutterer at who-t.net
Tue Apr 16 22:29:33 PDT 2013

From: Dave Airlie <airlied at gmail.com>

So when we VT switch back and attempt to flush the input devices,
we don't succeed because evdev won't return part of an event,
since we were only asking for 4 bytes, we'd only get -EINVAL back.

This could later cause events to be flushed that we shouldn't have

This is a fix for CVE-2013-1940.

Signed-off-by: Dave Airlie <airlied at redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
Corresponding bug is here: https://bugs.freedesktop.org/show_bug.cgi?id=63353
Original bug: https://bugzilla.redhat.com/CVE-2013-1940

Affected are all hotplugging-enabled servers using evdev.

If an input device is hotplugged while a server is VT-switched away, the
input received on the new device file is not flushed after the VT switch
back to that server. This can lead to some events from the device being sent 
into the session.

This issue was evaluated to be of low impact.

I've pushed this to master as 6ca03b9161d33b1d2b55a3a1a913cf88deb2343f.

 hw/xfree86/os-support/shared/posix_tty.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c
index ab3757a..4d08c1e 100644
--- a/hw/xfree86/os-support/shared/posix_tty.c
+++ b/hw/xfree86/os-support/shared/posix_tty.c
@@ -421,7 +421,8 @@ xf86FlushInput(int fd)
     fd_set fds;
     struct timeval timeout;
-    char c[4];
+    /* this needs to be big enough to flush an evdev event. */
+    char c[256];
     if (tcflush(fd, TCIFLUSH) == 0)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg-devel/attachments/20130417/7222a473/attachment.pgp>

More information about the xorg-devel mailing list