security: add per-client stream limit in PulseAudio protocol

There was no limit on the number of streams a single client could create. Each stream allocates a 4MB ring buffer, allowing a malicious client to exhaust server memory. Add a configurable pulse.max-streams property (default 64) to limit streams per client. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-05 06:46:28 -04:00 · 2026-04-29 16:28:05 +02:00 · 2026-04-29 16:28:05 +02:00 · 37990b5e90
commit 37990b5e90
parent 80ec1f1d10
7 changed files with 18 additions and 1 deletions
--- a/src/modules/module-protocol-pulse.c
+++ b/src/modules/module-protocol-pulse.c
@ -76,6 +76,7 @@
 *     #pulse.default.format   = F32
 *     #pulse.default.position = [ FL FR ]
 *     #pulse.idle.timeout     = 0
+ *     #pulse.max-streams      = 64
 * }
 *
 * pulse.properties.rules = [
@ -247,6 +248,12 @@
 * save battery power. When the client resumes, it will unpause again.
 * A value of 0 disables this feature.
 *
+ *\code{.unparsed}
+ *     pulse.max-streams = 64
+ *\endcode
+ *
+ * The maximum number of streams a single client can create. Default is 64.
+ *
 * ## Command execution
 *
 * As part of the server startup sequence, a set of commands can be executed.