Hi,

On 18 April 2012 13:14, Daniel Kurtz <[email protected]> wrote:
> On Wed, Apr 18, 2012 at 7:42 PM, Daniel Stone <[email protected]> wrote:
>> On 18 April 2012 10:51, Daniel Kurtz <[email protected]> wrote:
>> > Input drivers like to prepend the device name to logging messages using
>> > LogVHdrMessageVerb(). The current implementation of this function used the
>> > output of a snprintf() as the format string of another snprintf(). This is a
>> > big no-no, as a device name containing format strings could cause "Bad Things"
>> > to happen.
>>
>> ... really? If the kernel, root (given that /dev/input is 600
>> root:root by default) or your keyboard hardware is trying to attack
>> you, I'm pretty sure format strings in device names are the least of
>> your worries.
>
> Bluetooth device names are commonly assigned by users.
> Including the possible name "%n%n%n%n".
> That name may crash X.

Wow, that's pretty obnoxious - I'm surprised BlueZ even allows that to be honest ...

Cheers,
Daniel
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
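The two-stage formatting pattern described in the quoted patch description, next to a hardened form, as an added example that is not part of this message or of the X.Org source. The function names and the `"%s: %s"` stage-1 layout are assumptions made for illustration; only the first stage of the unsafe pattern is executed, to count the directives the second stage would interpret.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Count the conversion directives a string would carry if used as a format. */
static int count_directives(const char *fmt)
{
    int n = 0;
    for (; *fmt; fmt++)
        if (*fmt == '%') {
            if (fmt[1] == '%') fmt++;   /* "%%" is a literal percent */
            else n++;
        }
    return n;
}

/* Stage 1 of the two-stage pattern: the device name is pasted into a buffer
 * that stage 2 would hand to vsnprintf() as its format. Only stage 1 runs. */
static int two_stage_directives(const char *name, const char *msg_format)
{
    char fmt[256];
    snprintf(fmt, sizeof(fmt), "%s: %s", name, msg_format);
    return count_directives(fmt);
}

/* Hardened form: the name is only ever an argument to "%s"; the caller's
 * format is the only string that is interpreted as a format. */
static int log_with_header(char *out, size_t len, const char *name,
                           const char *msg_format, ...)
{
    va_list ap;
    int hdr = snprintf(out, len, "%s: ", name);
    if (hdr < 0 || (size_t)hdr >= len)
        return hdr;         /* error or header truncated: nothing more fits */
    va_start(ap, msg_format);
    int body = vsnprintf(out + hdr, len - hdr, msg_format, ap);
    va_end(ap);
    return body < 0 ? body : hdr + body;
}

int main(void)
{
    char line[128];
    const char *name = "%n%n%n%n";   /* constructed: the name from the thread */
    printf("directives stage 2 would see: %d\n",
           two_stage_directives(name, "key %d"));
    log_with_header(line, sizeof(line), name, "key %d", 30);
    puts(line);
    return 0;
}
```

The caller supplied one directive and one argument, but the combined stage-1 buffer carries five, so the second pass would consume arguments that were never passed; in the hardened form the name is copied through verbatim.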
