xserver: Branch 'master'

[Peter Hutterer]

 hw/xfree86/os-support/shared/posix_tty.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

New commits:
commit 6ca03b9161d33b1d2b55a3a1a913cf88deb2343f
Author: Dave Airlie <airlied at gmail.com>
Date:   Wed Apr 10 16:09:01 2013 +1000

    xf86: fix flush input to work with Linux evdev devices.
    
    So when we VT switch back and attempt to flush the input devices,
    we don't succeed because evdev won't return part of an event,
    since we were only asking for 4 bytes, we'd only get -EINVAL back.
    
    This could later cause events to be flushed that we shouldn't have
    gotten.
    
    This is a fix for CVE-2013-1940.
    
    Signed-off-by: Dave Airlie <airlied at redhat.com>
    Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>
    Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>

diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c
index ab3757a..4d08c1e 100644
--- a/hw/xfree86/os-support/shared/posix_tty.c
+++ b/hw/xfree86/os-support/shared/posix_tty.c
@@ -421,7 +421,8 @@ xf86FlushInput(int fd)
 {
     fd_set fds;
     struct timeval timeout;
-    char c[4];
+    /* this needs to be big enough to flush an evdev event. */
+    char c[256];
 
     DebugF("FlushingSerial\n");
     if (tcflush(fd, TCIFLUSH) == 0)