#8831: input_server shouldn't use pointers as a cookie
------------------------------------+----------------------------
   Reporter:  xyzzy                 |      Owner:  korli
       Type:  bug                   |     Status:  new
   Priority:  normal                |  Milestone:  R1
  Component:  Servers/input_server  |    Version:  R1/Development
 Resolution:                        |   Keywords:
 Blocked By:                        |   Blocking:
Has a Patch:  0                     |   Platform:  All
------------------------------------+----------------------------

Comment (by bonefish):

 I haven't really looked at what happens with the pointer, particularly
 whether it is sent back to the input server and how it is used there. E.g.
 dangerous code in the input server would be:

 {{{
 void* cookie;
 if (message.FindPointer("cookie", &cookie) == B_OK) {
     BInputServerMethod* method = (BInputServerMethod*)cookie;
     method->DoSomething();
 }
 }}}

 This way a bug in the application hosting the replicant (i.e. the Deskbar)
 could compromise the input server. Harmless code would be:

 {{{
 void* cookie;
 if (message.FindPointer("cookie", &cookie) == B_OK) {
     foreach (BInputServerMethod* method = ...) {
         if (cookie == method)
             method->DoSomething();
     }
 }
 }}}

 In this case the only bad thing that could happen is that the wrong method
 is targeted due to pointer reuse. Though I guess that would be rather
 unlikely and harmless as well.

--
Ticket URL: <http://dev.haiku-os.org/ticket/8831#comment:4>
Haiku <http://dev.haiku-os.org>
Haiku - the operating system.
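
The lookup-instead-of-dereference pattern from the comment above, as an added example that is not code from the ticket or from Haiku. It goes one step further than the comment: the server issues integer tokens that are never reissued, so the pointer-reuse case disappears as well. `Method`, `MethodRegistry` and `HandleActivate` are hypothetical names.

```cpp
#include <cstdint>
#include <unordered_map>

// Hypothetical stand-in for an input method object; not the Haiku class.
struct Method {
    int activations = 0;
    void Activate() { ++activations; }
};

// Server-side table. Clients only ever receive the integer token.
class MethodRegistry {
public:
    // Registers a method and returns the token to hand to the client.
    uint64_t Add(Method* method) {
        uint64_t token = fNextToken++;  // monotonic: never reissued
        fMethods[token] = method;
        return token;
    }
    void Remove(uint64_t token) { fMethods.erase(token); }

    // Resolves a token taken from an untrusted message. Returns nullptr
    // for values the server never issued or has already retired.
    Method* Lookup(uint64_t token) const {
        auto it = fMethods.find(token);
        return it == fMethods.end() ? nullptr : it->second;
    }

private:
    std::unordered_map<uint64_t, Method*> fMethods;
    uint64_t fNextToken = 1;
};

// Message handler: `cookie` is whatever value the client sent back.
bool HandleActivate(const MethodRegistry& registry, uint64_t cookie) {
    Method* method = registry.Lookup(cookie);
    if (method == nullptr)
        return false;  // unknown or stale cookie: reject, never dereference
    method->Activate();
    return true;
}

int main() {
    MethodRegistry registry;
    Method method;
    uint64_t token = registry.Add(&method);
    bool ok = HandleActivate(registry, token);          // issued token
    bool bogus = HandleActivate(registry, 0xdeadbeef);  // constructed bad cookie
    return (ok && !bogus) ? 0 : 1;
}
```

A cookie that was removed stays invalid even if a later object is allocated at the same address, because the token counter does not go backwards.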