From 3a005aa21beea02e9b84c1849df9ebcd75cae438 Mon Sep 17 00:00:00 2001 From: John Tsiombikas Date: Wed, 30 Mar 2022 23:04:53 +0300 Subject: [PATCH] now that the serial device path can be changed through the API by any unpriviledged client, we can't trust it blindly any more. Added checks to make sure it's a TTY before trying to use it. --- src/dev.c | 14 ++++++++++++++ src/dev_serial.c | 5 +++++ 2 files changed, 19 insertions(+) diff --git a/src/dev.c b/src/dev.c index b44bcfb..d2bbb0c 100644 --- a/src/dev.c +++ b/src/dev.c @@ -19,7 +19,9 @@ along with this program. If not, see . #include #include #include +#include #include +#include #include "dev.h" #include "dev_usb.h" #include "dev_serial.h" @@ -108,12 +110,24 @@ void init_devices(void) void init_devices_serial(void) { + struct stat st; struct device *dev; spnav_event ev = {0}; /* try to open a serial device if specified in the config file */ if(cfg.serial_dev[0]) { if(!dev_path_in_use(cfg.serial_dev)) { + if(stat(cfg.serial_dev, &st) == -1) { + logmsg(LOG_ERR, "Failed to stat serial device %s: %s\n", + cfg.serial_dev, strerror(errno)); + return; + } + if(!S_ISCHR(st.st_mode)) { + logmsg(LOG_ERR, "Ignoring configured serial device: %s: %s\n", + cfg.serial_dev, "not a character device"); + return; + } + dev = add_device(); strcpy(dev->path, cfg.serial_dev); if(open_dev_serial(dev) == -1) { diff --git a/src/dev_serial.c b/src/dev_serial.c index 659da61..c5efee6 100644 --- a/src/dev_serial.c +++ b/src/dev_serial.c @@ -117,6 +117,11 @@ int open_dev_serial(struct device *dev) logmsg(LOG_ERR, "open_dev_serial: failed to open device: %s: %s\n", dev->path, strerror(errno)); return -1; } + if(!isatty(fd)) { + logmsg(LOG_ERR, "open_dev_serial: refusing to use %s: not a TTY\n", dev->path); + close(fd); + return -1; + } if(!(sb = calloc(1, sizeof *sb))) { logmsg(LOG_ERR, "open_dev_serial: failed to allocate sball object\n");