mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-05 06:46:28 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: add per-client operation count limit in PulseAudio protocol

Browse source 
There was no limit on pending operations per client. Commands like
SET_SINK_VOLUME each allocate an operation that persists until a
manager sync completes. A client flooding these commands can exhaust
server memory. Add a MAX_OPERATIONS (64) limit per client.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Wim Taymans 2026-04-29 17:16:44 +02:00
parent f32295429f
commit 138e30df38
3 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/modules/module-protocol-pulse/client.h
View file

@ -80,6 +80,7 @@ struct client {
struct spa_list out_messages;
struct spa_list operations;
uint32_t n_operations;
struct spa_list pending_samples;