mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-03 06:47:04 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: fix JSON injection in LADSPA plugin/label strings

Browse source 
The plugin and label parameters in module-ladspa-sink and
module-ladspa-source were inserted into the filter-chain JSON config
without escaping. Use spa_json_encode_string to prevent injection.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Wim Taymans 2026-04-29 17:50:49 +02:00
parent bc4e1a989c
commit c5c2d197dc
2 changed files with 12 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/modules/module-protocol-pulse/modules/module-ladspa-sink.c
View file

@ -76,6 +76,7 @@ static int module_ladspa_sink_load(struct module *module)
FILE *f;
char *args;
const char *str, *plugin, *label;
char encoded_plugin[1024], encoded_label[1024];
size_t size;
if ((plugin = pw_properties_get(module->props, "plugin")) == NULL)
@ -95,9 +96,12 @@ static int module_ladspa_sink_load(struct module *module)
pw_properties_serialize_dict(f, &module->props->dict, 0);
fprintf(f, " filter.graph = {");
fprintf(f, " nodes = [ { ");
spa_json_encode_string(encoded_plugin, sizeof(encoded_plugin), plugin);
spa_json_encode_string(encoded_label, sizeof(encoded_label), label);
fprintf(f, " type = ladspa ");
fprintf(f, " plugin = \"%s\" ", plugin);
fprintf(f, " label = \"%s\" ", label);
fprintf(f, " plugin = %s ", encoded_plugin);
fprintf(f, " label = %s ", encoded_label);
if ((str = pw_properties_get(module->props, "control")) != NULL) {
size_t len;
const char *s, *state = NULL;

8
src/modules/module-protocol-pulse/modules/module-ladspa-source.c
View file

@ -76,6 +76,7 @@ static int module_ladspa_source_load(struct module *module)
FILE *f;
char *args;
const char *str, *plugin, *label;
char encoded_plugin[1024], encoded_label[1024];
size_t size;
if ((plugin = pw_properties_get(module->props, "plugin")) == NULL)
@ -95,9 +96,12 @@ static int module_ladspa_source_load(struct module *module)
pw_properties_serialize_dict(f, &module->props->dict, 0);
fprintf(f, " filter.graph = {");
fprintf(f, " nodes = [ { ");
spa_json_encode_string(encoded_plugin, sizeof(encoded_plugin), plugin);
spa_json_encode_string(encoded_label, sizeof(encoded_label), label);
fprintf(f, " type = ladspa ");
fprintf(f, " plugin = \"%s\" ", plugin);
fprintf(f, " label = \"%s\" ", label);
fprintf(f, " plugin = %s ", encoded_plugin);
fprintf(f, " label = %s ", encoded_label);
if ((str = pw_properties_get(module->props, "control")) != NULL) {
size_t len;
const char *s, *state = NULL;