mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-04-28 06:46:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
pipewire/src/modules
History
Wim Taymans b2bdd65338 security: fix TOCTOU and symlink vulnerabilities in pipe-tunnel FIFO 
File and Resource Handling: High

The pipe-tunnel module creates FIFOs and then adjusts their
permissions using chmod() on the path. Between mkfifo() and
chmod(), an attacker with write access to the directory (e.g.,
/tmp with the default hardcoded paths) can delete the FIFO and
replace it with a symlink to a target file. The chmod(0666) then
changes permissions on the symlink target, allowing the attacker
to make arbitrary files world-readable/writable.

Fix by:
1. Adding O_NOFOLLOW to the open() call so symlinks are rejected
   at open time rather than followed.
2. Moving the permission change from chmod() (path-based, follows
   symlinks) to fchmod() (fd-based, operates on the already-opened
   and validated file descriptor), and doing it after the fstat
   S_ISFIFO check confirms we opened an actual FIFO.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-24 15:55:35 +02:00
..
module-adapter *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-avb module-avb: fix GET_NAME to validate length before field reads and reply with fixed size 2026-04-24 11:50:23 +02:00
module-client-device core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-client-node core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-jack-tunnel dlopen: support search path ending in / 2026-04-13 10:26:33 +02:00
module-metadata
module-netjack2 security: fix integer overflows in netjack2 peer buffer allocations 2026-04-24 15:55:35 +02:00
module-profiler
module-protocol-native test: fix pod size 2026-04-08 11:28:04 +02:00
module-protocol-pulse security: fix integer overflow in PulseAudio message buffer allocation 2026-04-23 17:46:47 +02:00
module-raop fix some uninitialized variables warnings 2026-04-08 11:29:36 +02:00
module-roc pipewire: module-roc-{sink,source}: fix log format string issues 2026-02-19 19:37:15 +00:00
module-rt
module-rtp module-rtp: Lower missing timeout log line from warn to trace 2026-03-30 23:45:34 +02:00
module-sendspin fix some uninitialized variables warnings 2026-04-08 11:29:36 +02:00
module-session-manager core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-vban security: fix missing packet length validation in VBAN MIDI receive 2026-04-24 15:55:35 +02:00
spa doc: move modules around to add to docs 2025-01-28 12:33:47 +01:00
zeroconf-utils zeroconf: sanitize the properties 2026-02-27 17:31:42 +01:00
flatpak-utils.h modules: get also instance id for flatpak apps 2025-05-12 09:40:32 +00:00
meson.build meson: try to fix the doc build 2026-02-27 18:23:45 +01:00
module-access.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-adapter.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-avb.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-client-device.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-client-node.c modules: remove v0 protocol support 2025-07-10 16:26:01 +02:00
module-combine-stream.c security: fix integer truncation in combine-stream delay calculation 2026-04-24 15:55:35 +02:00
module-echo-cancel.c security: fix missing malloc NULL checks in echo-cancel 2026-04-23 16:25:19 +02:00
module-example-filter.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-example-sink.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-example-source.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-fallback-sink.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-ffado-driver.c midi: don't convert Midi in nodes 2026-03-25 11:59:43 +01:00
module-filter-chain.c filter-graph: use convolver2 for sofa 2026-04-21 16:52:49 +02:00
module-jack-tunnel.c docs: remove support for absolute paths from docs 2026-04-06 14:47:21 +02:00
module-jackdbus-detect.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-link-factory.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-loopback.c security: fix integer overflow in loopback delay buffer allocation 2026-04-24 15:55:35 +02:00
module-metadata.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-netjack2-driver.c security: fix integer overflow in netjack2 socket buffer size calculation 2026-04-24 15:55:35 +02:00
module-netjack2-manager.c security: fix integer overflow in netjack2 socket buffer size calculation 2026-04-24 15:55:35 +02:00
module-parametric-equalizer.c module-eq: Unload filter-chain on destruction 2025-12-26 18:53:48 +00:00
module-pipe-tunnel.c security: fix TOCTOU and symlink vulnerabilities in pipe-tunnel FIFO 2026-04-24 15:55:35 +02:00
module-portal.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-profiler.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-protocol-native.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-protocol-pulse.c pulse-server: increase min quantum values 2025-11-06 12:52:48 +01:00
module-protocol-simple.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-pulse-tunnel.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-raop-discover.c zeroconf: sanitize the properties 2026-02-27 17:31:42 +01:00
module-raop-sink.c security: clear sensitive auth data from stack buffers in RAOP 2026-04-23 17:49:43 +02:00
module-roc-sink.c pipewire: module-roc-{sink,source}: remove logging related unused code 2026-02-19 19:37:15 +00:00
module-roc-source.c pipewire: module-roc-{sink,source}: remove logging related unused code 2026-02-19 19:37:15 +00:00
module-rt.c module-rt: warn if setting niceness fails with rtlimit 2025-12-11 16:38:00 -08:00
module-rtp-sap.c module-rtp: Add more logging for debugging timer related issues 2026-03-30 23:45:34 +02:00
module-rtp-session.c zeroconf: sanitize the properties 2026-02-27 17:31:42 +01:00
module-rtp-sink.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-rtp-source.c module-rtp-source: Only enable IGMP recovery when using multicast 2026-03-30 23:45:34 +02:00
module-scheduler-v1.c scheduler: make nodes move to IDLE when inactive 2026-04-14 14:28:29 +02:00
module-sendspin-recv.c sendspin: cleanup receive sync and logging 2026-03-01 12:49:24 +01:00
module-sendspin-send.c sendspin: negotiate the first raw format 2026-03-13 12:03:11 +01:00
module-session-manager.c Fix typos 2024-05-22 09:19:34 +02:00
module-snapcast-discover.c fix some uninitialized variables warnings 2026-04-08 11:29:36 +02:00
module-spa-device-factory.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-spa-device.c doc: move modules around to add to docs 2025-01-28 12:33:47 +01:00
module-spa-node-factory.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-spa-node.c doc: move modules around to add to docs 2025-01-28 12:33:47 +01:00
module-vban-recv.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-vban-send.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-x11-bell.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-zeroconf-discover.c zeroconf: sanitize the properties 2026-02-27 17:31:42 +01:00
network-utils.h network-utils: pw_net_are_addresses_equal() function 2026-03-30 23:45:33 +02:00