connection: return error if too many fds in message

Check that the number of fds in the message doesn't exceed our max or
else we might overflow the fd buffer a little later.
Wim Taymans 2026-05-14 16:32:58 +02:00
parent 79b4aba6cc
commit f3fc645496


@ -538,7 +538,8 @@ static int prepare_packet(struct pw_protocol_native_connection *conn, struct buf
size -= impl->hdr_size;
buf->msg.fds = &buf->fds[buf->fds_offset];
if (buf->msg.n_fds + buf->fds_offset > buf->n_fds)
if (buf->msg.n_fds > MAX_FDS ||
buf->msg.n_fds + buf->fds_offset > buf->n_fds)
return -EPROTO;
if (size < len)