[PATCH v2: setxkbmap 2/3] Bug 34151: Potential bug and buffer overflow due to misused rules filename

Van de Bugger van.de.bugger at gmail.com
Sat Feb 12 02:06:22 PST 2011


Alan,

Did you build it before sending the patch? ;-)

Ok, seriously: Is there any tests for setxkbmap someone can run before
sending the patch?

Van.

On Sat, 2011-02-12 at 09:48 +0100, Dirk Wallenstein wrote:
> On Thu, Feb 10, 2011 at 11:01:58PM -0800, Alan Coopersmith wrote:
> > https://bugs.freedesktop.org/show_bug.cgi?id=34151
> > 
> > Use rfName consistently, instead of sometimes reverting to svValue[RULES_NDX]
> > 
> > Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
> > ---
> > 
> > This patch is actually appearing for the first time in version 2 of this
> > series.
> > 
> >  setxkbmap.c |    4 ++--
> >  1 files changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/setxkbmap.c b/setxkbmap.c
> > index 511659b..9f92e2e 100644
> > --- a/setxkbmap.c
> > +++ b/setxkbmap.c
> > @@ -850,13 +850,13 @@ applyRules(void)
> >                            inclPath[i], rfName);
> >                      continue;
> >                  }
> > -                sprintf(buf, "%s/rules/%s", inclPath[i], svValue[RULES_NDX]);
> > +                sprintf(buf, "%s/rules/%s", inclPath[i], rfName);
> >                  rules = XkbRF_Load(buf, svValue[LOCALE_NDX], True, True);
> >              }
> >          }
> >          if (!rules)
> >          {
> > -            ERR1("Couldn't find rules file (%s) \n", svValue[RULES_NDX]);
> > +            ERR1("Couldn't find rules file (%s) \n", rfname);
> Typo:                                                   ^^^^^^ rfName
> 
> >              return False;
> >          }
> >          /* Let the rules file to the magic, then update the svValues with
> > -- 
> > 1.7.3.2
> > 
> 
> There is another use of svValue[RULES_NDX] further down.
> 




More information about the xorg-devel mailing list