Input Validation: Medium
atoi() on network-received data returns 0 on parse failure, which is
indistinguishable from a valid "0" input. It also accepts negative
values and does not detect overflow. Replace with strtol() and
validate that the status code is in the valid HTTP/RTSP range
(100-599) to prevent protocol state confusion from malformed
responses.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Memory Safety: Medium
strdup() can return NULL on allocation failure. The return value was
used without checking, which would cause a NULL pointer dereference
(crash) when the name is later compared with spa_streq(). Add a NULL
check and free the partially-allocated struct on failure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Input Validation: High
system() passes its argument to /bin/sh -c, which interprets shell
metacharacters (;, |, &&, $(), etc.). If pw-container is invoked by
another program with untrusted input, this allows arbitrary command
execution. Replace with fork()+execvp() which executes the command
directly without shell interpretation, and passes all remaining
arguments to the child process.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add a monitor mode that creates an Audio/Source combining audio from the
monitor ports of all Audio/Sink nodes. This allows capturing everything
that is being played back across all sinks into a single source.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Input Validation / Memory Safety: Medium
The RTSP client used for RAOP/AirPlay communication accepted arbitrarily
large Content-Length values from the remote server without any upper
bound. A malicious or compromised AirPlay server could specify a very
large Content-Length, causing the client to allocate unbounded memory
and potentially exhaust system resources (denial of service).
Additionally, the return value of pw_array_add() was not checked. If
the allocation failed, the subsequent memcpy would dereference a NULL
pointer, causing a crash.
Add a 64KB limit on Content-Length (more than sufficient for RTSP
control messages) and check the pw_array_add return value.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
