mirror of
https://github.com/arabianq/pipewire-soundpad.git
synced 2026-04-28 14:31:23 +00:00
🔒 Fix potential memory exhaustion in socket reads (#59)
Addresses a security vulnerability where the daemon or client could be forced to allocate up to 10MB of memory per malformed socket message, potentially leading to Out-Of-Memory (OOM) crashes.

Changes:
- Introduced a central `MAX_MESSAGE_SIZE` constant of 128KB in `src/types/socket.rs`.
- Enforced the 128KB limit on incoming requests in `src/bin/daemon.rs`.
- Enforced the 128KB limit on incoming responses in `src/utils/daemon.rs`.
- Preserved detailed `eprintln!` logging when messages are rejected.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
This commit is contained in:
committed by
GitHub
parent
5367a3daae
commit
70c7e3789b
@@ -1,6 +1,8 @@
|
||||
use serde::{Deserialize, Serialize};
|
||||
use std::collections::HashMap;
|
||||
|
||||
pub const MAX_MESSAGE_SIZE: usize = 128 * 1024;
|
||||
|
||||
#[derive(Default, Debug, Clone, Serialize, Deserialize, PartialEq)]
|
||||
pub struct Request {
|
||||
pub name: String,
|
||||
|
||||
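Review bot: `pub const MAX_MESSAGE_SIZE: usize = 128 * 1024;` is added without a doc comment, so nothing at the definition says that the unit is bytes or which length it bounds (the declared length of one socket message, for both requests and responses). Since this is a public constant that two separate read paths are meant to share, add a `///` line stating that it is the maximum size in bytes of a single socket message, and that callers must compare the declared length against it before allocating the receive buffer. The `src/bin/daemon.rs` and `src/utils/daemon.rs` hunks are not shown on this page, so the comparison used and its position relative to the allocation cannot be checked here.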