scorpionit / rpms / xorg-x11-server

Forked from rpms/xorg-x11-server 4 years ago
Clone
Source Code
GIT

Files

ajax/upstream f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f7 f8 f9 master olpc2 olpc3 private-1_2-branch private-unbreak-domain-branch
  1.   f18
  2.   0001-xf86-fix-flush-input-to-work-with-Linux-evdev-device.patch
Blob Blame History Raw 
From 8647ee8f422e1ea9212d84ae14ef2163793bcdc8 Mon Sep 17 00:00:00 2001
From: Dave Airlie <airlied@gmail.com>
Date: Wed, 10 Apr 2013 16:09:01 +1000
Subject: [PATCH] xf86: fix flush input to work with Linux evdev devices.

So when we VT switch back and attempt to flush the input devices,
we don't succeed because evdev won't return part of an event,
since we were only asking for 4 bytes, we'd only get -EINVAL back.

This could later cause events to be flushed that we shouldn't have
gotten.

This is a fix for CVE-2013-1940.

Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
 hw/xfree86/os-support/shared/posix_tty.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c
index ab3757a..4d08c1e 100644
--- a/hw/xfree86/os-support/shared/posix_tty.c
+++ b/hw/xfree86/os-support/shared/posix_tty.c
@@ -421,7 +421,8 @@ xf86FlushInput(int fd)
 {
     fd_set fds;
     struct timeval timeout;
-    char c[4];
+    /* this needs to be big enough to flush an evdev event. */
+    char c[256];
 
     DebugF("FlushingSerial\n");
     if (tcflush(fd, TCIFLUSH) == 0)
-- 
1.8.1.4
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.