🔒 Add request size limit to daemon socket IPC to prevent OOM panic (#31)

The daemon was allocating memory based on an unverified length prefix
sent over the unauthenticated Unix socket, potentially allowing a malicious
client to cause an Out-Of-Memory panic (DoS). A 10 MB size limit has been
introduced.

Note: The previously reported `unwrap()` panic on invalid JSON payloads
was already fixed and replaced with a safe `match` block in a prior commit.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Tarasov Aleksandr
2026-03-08 00:34:50 +03:00
committed by GitHub
parent 151f43f1ab
commit c99d0749e3
@@ -89,6 +89,11 @@ async fn commands_loop(listener: UnixListener) -> Result<(), Box<dyn Error>> {
let request_len = u32::from_le_bytes(len_bytes) as usize; let request_len = u32::from_le_bytes(len_bytes) as usize;
if request_len > 10 * 1024 * 1024 {
eprintln!("Failed to read message from client: request too large ({} bytes)!", request_len);
return;
}
let mut buffer = vec![0u8; request_len]; let mut buffer = vec![0u8; request_len];
if stream.read_exact(&mut buffer).await.is_err() { if stream.read_exact(&mut buffer).await.is_err() {
eprintln!("Failed to read message from client!"); eprintln!("Failed to read message from client!");
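Review bot: the 10 MB bound on line `if request_len > 10 * 1024 * 1024 {` is an inline magic number; pull it into a named constant (e.g. `const MAX_REQUEST_LEN: usize = 10 * 1024 * 1024;`) with a comment stating why that size was chosen, so the limit is discoverable and can be tuned in one place. Note also that the check only caps a single allocation: `vec![0u8; request_len]` is still executed per connection for anything up to the limit, so several concurrent clients on the unauthenticated socket can each hold 10 MB; if the daemon's requests are expected to be small JSON commands, a much tighter limit (or a shared bound across connections) would match the threat described in the commit message more closely. Finally, the `return;` path only reports the rejected size via `eprintln!`, which is consistent with the existing read-error branch, but it would be worth logging the peer (where the `UnixStream` makes that available) so repeated oversized requests can be spotted in the daemon's output.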