security: reduce MAX_PERMISSIONS to limit alloca stack usage

Memory Safety: Medium The parse_permissions_struct macro in protocol-native uses alloca() to allocate space for permissions received from protocol messages. With MAX_PERMISSIONS=4096 and sizeof(struct pw_permission)=8, this could allocate up to 32KB on the stack from a single message. Combined with parse_dict (up to 16KB), a crafted message could consume ~48KB of stack space. Reduce MAX_PERMISSIONS from 4096 to 1024 (matching MAX_DICT) to limit the maximum stack allocation to 8KB. This is still more than sufficient for any legitimate permission update - typical systems have far fewer than 1024 objects that need individual permission entries. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-02 06:46:36 -04:00 · 2026-04-29 13:33:51 +02:00 · 2026-04-29 13:33:51 +02:00 · 0816d4a2fd
commit 0816d4a2fd
parent c3c11e4c76
1 changed files with 1 additions and 1 deletions
--- a/src/modules/module-protocol-native/connection.h
+++ b/src/modules/module-protocol-native/connection.h
@ -12,7 +12,7 @@

 #define MAX_DICT	1024
 #define MAX_PARAM_INFO	128
-#define MAX_PERMISSIONS	4096
+#define MAX_PERMISSIONS	1024

 #ifdef __cplusplus
 extern "C" {