security: limit blocklist regex length in switch-on-connect module

A PulseAudio client can load this module with an arbitrarily complex
blocklist regex, causing catastrophic backtracking in regexec on
every new device. Cap the regex string at 1024 characters.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Wim Taymans 2026-04-30 17:40:25 +02:00
parent dac6b4f2c5
commit 5d0e806bdb


@ -271,6 +271,9 @@ static int module_switch_on_connect_prepare(struct module * const module)
if ((str = pw_properties_get(props, "blocklist")) == NULL) if ((str = pw_properties_get(props, "blocklist")) == NULL)
str = DEFAULT_BLOCKLIST; str = DEFAULT_BLOCKLIST;
if (strlen(str) > 1024)
return -EINVAL;
if (regcomp(&d->blocklist, str, REG_NOSUB | REG_EXTENDED) != 0) if (regcomp(&d->blocklist, str, REG_NOSUB | REG_EXTENDED) != 0)
return -EINVAL; return -EINVAL;
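Review bot: The 1024-character cap on `str` bounds the pattern's length but not its matching cost, so the check before `regcomp` is only a partial mitigation for the backtracking concern in the commit message: a short extended regex with nested or bounded repetition can still be expensive to compile or match. I would state that in a comment above the check, e.g. `/* length cap only; does not bound regex complexity, blocklist is client-supplied */`, and replace the bare `1024` with a named constant (for example `#define MAX_BLOCKLIST_LEN 1024`; the name is a suggestion). The rejection is also silent as far as the hunk shows; a `pw_log_warn("blocklist regex too long")` before `return -EINVAL;` would let an operator tell this apart from a `regcomp` failure. module_switch_on_connect_prepare starts and continues outside the hunk, so whether the early return skips any cleanup could not be checked.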