security: validate sample rate in PulseAudio update_stream_sample_rate

The client-provided rate was used without validation. A zero or excessively large rate produces extreme correction values passed to pw_stream_set_control. Reject rates that are zero or exceed RATE_MAX. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-30 21:37:53 -04:00 · 2026-04-29 16:50:43 +02:00 · 2026-04-29 16:50:43 +02:00 · e5968c00b1
commit e5968c00b1
parent 1fd45861c1
1 changed files with 3 additions and 0 deletions
--- a/src/modules/module-protocol-pulse/pulse-server.c
+++ b/src/modules/module-protocol-pulse/pulse-server.c
@ -4609,6 +4609,9 @@ static int do_update_stream_sample_rate(struct client *client, uint32_t command,
 	if (stream == NULL || stream->type == STREAM_TYPE_UPLOAD)
 		return -ENOENT;

+	if (rate == 0 || rate > RATE_MAX)
+		return -EINVAL;
+
 	stream->rate = rate;

 	corr = (float)rate/(float)stream->ss.rate;