Wim Taymans c551408ec2 security: reject path traversal in echo-cancel aec_method parameter ... The aec_method parameter is interpolated into a SPA library path as "aec/libspa-aec-%s". A client could use "../" sequences to load arbitrary SPA plugins. Reject values containing ".." or "/". Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>		2026-04-30 17:44:28 +02:00
..
modules	security: reject path traversal in echo-cancel aec_method parameter	2026-04-30 17:44:28 +02:00
client.c	loop: spa_loop_invoke -> spa_loop_locked where possible	2025-05-30 11:59:35 +02:00
client.h	security: add per-client pending sample limit in PulseAudio protocol	2026-04-29 17:19:08 +02:00
cmd.c	security: add missing NULL check after strndup in cmd.c	2026-04-29 18:21:16 +02:00
cmd.h
collect.c	pulse: only fixate when necessary	2026-04-30 16:27:15 +02:00
collect.h	pulse-server: add stream/device state in dev_info	2023-11-20 11:39:31 +01:00
commands.h
dbus-name.c
dbus-name.h
defs.h	pulse-server: fix loading of defaults	2026-04-30 10:11:38 +02:00
extension.c	pulse-server: move extension to modules	2024-01-23 13:31:05 +01:00
extension.h	pulse-server: move extension to modules	2024-01-23 13:31:05 +01:00
format.c	security: fix issues in pulse module core files	2026-04-30 17:08:04 +02:00
format.h	format: Add support for sample rate of 1.536 Mhz	2026-01-09 01:16:30 +01:00
internal.h	security: add total sample cache size limit in PulseAudio protocol	2026-04-29 16:39:57 +02:00
log.h
manager.c	security: fix issues in pulse module core files	2026-04-30 17:08:04 +02:00
manager.h	*: don't include standard C headers inside of extern "C"	2025-05-30 09:48:28 +01:00
message-handler.c	pulse: use json builder for message handler output	2026-04-30 13:53:20 +02:00
message-handler.h
message.c	security: reject unknown tags in message_get to prevent va_arg desync	2026-04-30 09:14:08 +02:00
message.h	pulse-server: message: use union to store event data	2024-05-15 08:31:40 +00:00
module.c	security: fix one-byte OOB read in module_args_add_props	2026-04-29 18:24:13 +02:00
module.h	pulse-server: add a pipewire-pulse:list-modules message	2025-09-26 10:55:10 +02:00
operation.c	security: fix operation counter leak in operation_complete	2026-04-29 18:15:22 +02:00
operation.h	pulse-server: add operation_free_by_tag()	2023-05-10 18:57:20 +00:00
pending-sample.c	pulse: only fixate when necessary	2026-04-30 16:27:15 +02:00
pending-sample.h	pulse-server: pending-sample: handle client disconnection correctly	2023-05-10 18:57:20 +00:00
pulse-server.c	security: fix stack overflow via strndupa on long device names	2026-04-30 17:18:06 +02:00
pulse-server.h	*: don't include standard C headers inside of extern "C"	2025-05-30 09:48:28 +01:00
quirks.c	pulse-server: add quirk to block record and playback streams	2024-09-23 10:56:40 +02:00
quirks.h	pulse-server: add quirk to block record and playback streams	2024-09-23 10:56:40 +02:00
remap.c
remap.h
reply.c	security: add missing NULL checks after message_alloc in reply	2026-04-29 17:54:21 +02:00
reply.h
sample-play.c	pulse-server: keep allocate buffer size around	2026-04-30 15:25:31 +02:00
sample-play.h	pulse-server: use timeout also for creating sample-play streams	2026-02-02 11:25:01 +00:00
sample.c
sample.h
server.c	security: clamp negative max-clients config to zero in pulse server	2026-04-30 17:28:02 +02:00
server.h
snap-policy.c	security: fix issues in pulse module core files	2026-04-30 17:08:04 +02:00
snap-policy.h	Replace even more spaces with tabs	2024-01-12 11:35:17 +00:00
stream.c	pulse-server: keep allocate buffer size around	2026-04-30 15:25:31 +02:00
stream.h	pulse-server: keep allocate buffer size around	2026-04-30 15:25:31 +02:00
utils.c	security: replace strcat with bounds-explicit memcpy in pulse utils	2026-04-27 16:14:23 +02:00
utils.h	protocol-pulse: implement readiness notification	2024-10-22 09:50:27 +02:00
volume.c	security: fix issues in pulse module core files	2026-04-30 17:08:04 +02:00
volume.h