mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-04-29 06:46:38 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: fix incorrect sizeof in RAOP packet size log messages

Browse source 
Input Validation: Low

The log messages for short timing and control packets used sizeof(bytes)
(size of the ssize_t variable, always 8 on 64-bit) instead of
sizeof(packet) (the actual expected packet size). This caused misleading
log output that could mask packet truncation attacks or debugging issues
with RAOP timing/control packet validation.

Fix by using sizeof(packet) to correctly report the expected packet size.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Wim Taymans 2026-04-27 12:14:47 +02:00
parent 8ed6fe5edf
commit 60e2857d82
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/modules/module-raop-sink.c
View file

@ -632,7 +632,7 @@ on_timing_source_io(void *data, int fd, uint32_t mask)
} }
if (bytes != sizeof(packet)) { if (bytes != sizeof(packet)) {
pw_log_warn("discarding short (%zd < %zd) timing packet", pw_log_warn("discarding short (%zd < %zd) timing packet",
bytes, sizeof(bytes)); bytes, sizeof(packet));
return; return;
} }
if (packet[0] != ntohl(0x80d20007)) if (packet[0] != ntohl(0x80d20007))
@ -671,7 +671,7 @@ on_control_source_io(void *data, int fd, uint32_t mask)
} }
if (bytes != sizeof(packet)) { if (bytes != sizeof(packet)) {
pw_log_warn("discarding short (%zd < %zd) control packet", pw_log_warn("discarding short (%zd < %zd) control packet",
bytes, sizeof(bytes)); bytes, sizeof(packet));
return; return;
} }
hdr = ntohl(packet[0]); hdr = ntohl(packet[0]);