[PATCH v2: setxkbmap 2/3] Bug 34151: Potential bug and buffer overflow due to misused rules filename
Alan Coopersmith
alan.coopersmith at oracle.com
Sat Feb 12 10:51:26 PST 2011
On 02/12/11 12:48 AM, Dirk Wallenstein wrote:
> On Thu, Feb 10, 2011 at 11:01:58PM -0800, Alan Coopersmith wrote:
>> https://bugs.freedesktop.org/show_bug.cgi?id=34151
>>
>> Use rfName consistently, instead of sometimes reverting to svValue[RULES_NDX]
>>
>> Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
>> ---
>>
>> This patch is actually appearing for the first time in version 2 of this
>> series.
>>
>> setxkbmap.c | 4 ++--
>> 1 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/setxkbmap.c b/setxkbmap.c
>> index 511659b..9f92e2e 100644
>> --- a/setxkbmap.c
>> +++ b/setxkbmap.c
>> @@ -850,13 +850,13 @@ applyRules(void)
>> inclPath[i], rfName);
>> continue;
>> }
>> - sprintf(buf, "%s/rules/%s", inclPath[i], svValue[RULES_NDX]);
>> + sprintf(buf, "%s/rules/%s", inclPath[i], rfName);
>> rules = XkbRF_Load(buf, svValue[LOCALE_NDX], True, True);
>> }
>> }
>> if (!rules)
>> {
>> - ERR1("Couldn't find rules file (%s) \n", svValue[RULES_NDX]);
>> + ERR1("Couldn't find rules file (%s) \n", rfname);
> Typo: ^^^^^^ rfName
Yeah, that was a manual merge error when rebasing to insert in the middle of the
existing patch series. I'd fixed in my tree but mailed the wrong version.
>> return False;
>> }
>> /* Let the rules file to the magic, then update the svValues with
>> --
>> 1.7.3.2
>>
>
> There is another use of svValue[RULES_NDX] further down.
Ah, yes, I guess we should report the same rules file we used, I'll fix that:
MSG1("Applied rules from %s:\n", svValue[RULES_NDX]);
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Platform Engineering: X Window System
More information about the xorg-devel
mailing list