a40e825474
http://lists.x.org/archives/xorg-devel/2013-April/036014.html It's a low-priority issue, but it should cause almost no rebuilds.
35 lines
1.2 KiB
Diff
35 lines
1.2 KiB
Diff
From 6ca03b9161d33b1d2b55a3a1a913cf88deb2343f Mon Sep 17 00:00:00 2001
|
|
From: Dave Airlie <airlied@gmail.com>
|
|
Date: Wed, 10 Apr 2013 06:09:01 +0000
|
|
Subject: xf86: fix flush input to work with Linux evdev devices.
|
|
|
|
So when we VT switch back and attempt to flush the input devices,
|
|
we don't succeed because evdev won't return part of an event,
|
|
since we were only asking for 4 bytes, we'd only get -EINVAL back.
|
|
|
|
This could later cause events to be flushed that we shouldn't have
|
|
gotten.
|
|
|
|
This is a fix for CVE-2013-1940.
|
|
|
|
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
---
|
|
diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c
|
|
index ab3757a..4d08c1e 100644
|
|
--- a/hw/xfree86/os-support/shared/posix_tty.c
|
|
+++ b/hw/xfree86/os-support/shared/posix_tty.c
|
|
@@ -421,7 +421,8 @@ xf86FlushInput(int fd)
|
|
{
|
|
fd_set fds;
|
|
struct timeval timeout;
|
|
- char c[4];
|
|
+ /* this needs to be big enough to flush an evdev event. */
|
|
+ char c[256];
|
|
|
|
DebugF("FlushingSerial\n");
|
|
if (tcflush(fd, TCIFLUSH) == 0)
|
|
--
|
|
cgit v0.9.0.2-2-gbebe
|