security: fix strcpy into fixed-size buffer in netjack2 driver

Memory Safety: Low

strcpy() into the fixed-size params.type[8] buffer has no bounds
checking. While the current literal string "params" fits exactly,
this pattern is fragile and would silently overflow if the string
were ever changed. Use snprintf() with sizeof() for bounds safety,
consistent with how params.name and params.follower_name are
handled on the lines immediately following.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wim Taymans 2026-04-27 16:13:34 +02:00
parent 9b845f4415
commit d456be1943


@ -1006,7 +1006,7 @@ static int send_follower_available(struct impl *impl)
client_name = DEFAULT_CLIENT_NAME;
spa_zero(params);
strcpy(params.type, "params");
snprintf(params.type, sizeof(params.type), "params");
params.version = htonl(NJ2_NETWORK_PROTOCOL);
params.packet_id = htonl(NJ2_ID_FOLLOWER_AVAILABLE);
snprintf(params.name, sizeof(params.name), "%s", client_name);
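Review bot: The new snprintf(params.type, sizeof(params.type), "params") call passes the literal as the format string, while the params.name line directly below it uses "%s" with the string as an argument. Writing it as snprintf(params.type, sizeof(params.type), "%s", "params") would match that line and stay safe if the literal is ever replaced by a variable. Also, snprintf truncates silently and the return value is not checked here, so a longer type string would be sent as a shortened, wrong packet type instead of overflowing. A compile-time assertion that sizeof("params") <= sizeof(params.type) would turn that case into a build failure. Minor point on the message: with type[8], "params" is 6 characters plus the terminator, so it uses 7 of the 8 bytes.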