mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-02 06:46:36 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: fix JSON injection in simple-protocol-tcp address

Browse source 
The listen address was inserted into a JSON array without escaping.
Build the address string first, then encode it with
spa_json_encode_string.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Wim Taymans 2026-04-30 09:15:36 +02:00
parent 0ae17566f2
commit 390874e7c3
1 changed files with 8 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/modules/module-protocol-pulse/modules/module-simple-protocol-tcp.c
View file

@ -2,6 +2,7 @@
/* SPDX-FileCopyrightText: Copyright © 2021 Wim Taymans <wim.taymans@gmail.com> */
/* SPDX-License-Identifier: MIT */
#include <spa/utils/json.h>
#include <pipewire/impl.h>
#include <pipewire/pipewire.h>
@ -169,8 +170,13 @@ static int module_simple_protocol_tcp_prepare(struct module * const module)
port = "4711";
listen = pw_properties_get(props, "listen");
pw_properties_setf(module_props, "server.address", "[ \"tcp:%s%s%s\" ]",
listen ? listen : "", listen ? ":" : "", port);
{
char address[1024], encoded[1024];
snprintf(address, sizeof(address), "tcp:%s%s%s",
listen ? listen : "", listen ? ":" : "", port);
spa_json_encode_string(encoded, sizeof(encoded), address);
pw_properties_setf(module_props, "server.address", "[ %s ]", encoded);
}
d->module = module;
d->module_props = module_props;