fix(security): eliminate TOCTOU vulnerability during socket removal (#36)

Directly attempt to remove the daemon socket file and handle NotFound errors
instead of checking for its existence first. This closes a check-then-act
window: if another process deleted or replaced the file between the
metadata check and the removal, the outcome depended on stale metadata
(a concurrent deletion made `remove_file` fail with NotFound and abort
startup). Treating NotFound as success makes the removal step itself
race-free.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
This commit is contained in:
Tarasov Aleksandr
2026-03-08 02:13:19 +03:00
committed by GitHub
parent 261f83efd4
commit 3c2e943e18
+4 -2
@@ -47,8 +47,10 @@ async fn main() -> Result<(), Box<dyn Error>> {
lock_file.lock()?; lock_file.lock()?;
let socket_path = runtime_dir.join("daemon.sock"); let socket_path = runtime_dir.join("daemon.sock");
if fs::metadata(&socket_path).is_ok() { if let Err(e) = fs::remove_file(&socket_path) {
fs::remove_file(&socket_path)?; if e.kind() != std::io::ErrorKind::NotFound {
return Err(e.into());
}
} }
let listener = UnixListener::bind(&socket_path)?; let listener = UnixListener::bind(&socket_path)?;