pipewire/src/modules
Wim Taymans cd00ea2462 security: clear sensitive auth data from stack buffers in RAOP
Information Disclosure: Medium

The MD5_hash() function formats password material into a 1024-byte
stack buffer for hashing but never clears it afterward. Similarly,
the Basic auth path in rtsp_add_raop_auth_header() formats
username:password into a stack buffer without clearing it.

These buffers remain on the stack after the functions return, and
could be exposed through memory disclosure vulnerabilities, core
dumps, or memory inspection.

Clear the buffers with explicit_bzero() immediately after they are
no longer needed, consistent with the existing practice of clearing
the password before freeing in impl_destroy().

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-23 17:49:43 +02:00
module-adapter *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-avb module-avb: es_builder: use the descriptor rather than a pointer to avoid overwriting it 2026-04-20 10:10:58 +02:00
module-client-device core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-client-node core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-jack-tunnel dlopen: support search path ending in / 2026-04-13 10:26:33 +02:00
module-metadata metadata: Added context monitor for removed globals 2024-02-12 08:40:49 +00:00
module-netjack2 security: fix integer overflows in netjack2 float packet handling 2026-04-23 17:48:15 +02:00
module-profiler treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00
module-protocol-native test: fix pod size 2026-04-08 11:28:04 +02:00
module-protocol-pulse security: fix integer overflow in PulseAudio message buffer allocation 2026-04-23 17:46:47 +02:00
module-raop fix some uninitialized variables warnings 2026-04-08 11:29:36 +02:00
module-roc pipewire: module-roc-{sink,source}: fix log format string issues 2026-02-19 19:37:15 +00:00
module-rt doc: clarify rlimits conf file 2024-01-05 10:22:28 +01:00
module-rtp module-rtp: Lower missing timeout log line from warn to trace 2026-03-30 23:45:34 +02:00
module-sendspin fix some uninitialized variables warnings 2026-04-08 11:29:36 +02:00
module-session-manager core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-vban midi: don't convert Midi in nodes 2026-03-25 11:59:43 +01:00
spa doc: move modules around to add to docs 2025-01-28 12:33:47 +01:00
zeroconf-utils zeroconf: sanitize the properties 2026-02-27 17:31:42 +01:00
flatpak-utils.h modules: get also instance id for flatpak apps 2025-05-12 09:40:32 +00:00
meson.build meson: try to fix the doc build 2026-02-27 18:23:45 +01:00
module-access.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-adapter.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-avb.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-client-device.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-client-node.c modules: remove v0 protocol support 2025-07-10 16:26:01 +02:00
module-combine-stream.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-echo-cancel.c security: fix missing malloc NULL checks in echo-cancel 2026-04-23 16:25:19 +02:00
module-example-filter.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-example-sink.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-example-source.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-fallback-sink.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-ffado-driver.c midi: don't convert Midi in nodes 2026-03-25 11:59:43 +01:00
module-filter-chain.c filter-graph: use convolver2 for sofa 2026-04-21 16:52:49 +02:00
module-jack-tunnel.c docs: remove support for absolute paths from docs 2026-04-06 14:47:21 +02:00
module-jackdbus-detect.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-link-factory.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-loopback.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-metadata.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-netjack2-driver.c modules: add PRIORITY_SESSION 2026-02-16 10:38:05 +01:00
module-netjack2-manager.c node: remove node.link-group from drivers 2026-03-05 14:32:41 +01:00
module-parametric-equalizer.c module-eq: Unload filter-chain on destruction 2025-12-26 18:53:48 +00:00
module-pipe-tunnel.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-portal.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-profiler.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-protocol-native.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-protocol-pulse.c pulse-server: increase min quantum values 2025-11-06 12:52:48 +01:00
module-protocol-simple.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-pulse-tunnel.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-raop-discover.c zeroconf: sanitize the properties 2026-02-27 17:31:42 +01:00
module-raop-sink.c security: clear sensitive auth data from stack buffers in RAOP 2026-04-23 17:49:43 +02:00
module-roc-sink.c pipewire: module-roc-{sink,source}: remove logging related unused code 2026-02-19 19:37:15 +00:00
module-roc-source.c pipewire: module-roc-{sink,source}: remove logging related unused code 2026-02-19 19:37:15 +00:00
module-rt.c module-rt: warn if setting niceness fails with rtlimit 2025-12-11 16:38:00 -08:00
module-rtp-sap.c module-rtp: Add more logging for debugging timer related issues 2026-03-30 23:45:34 +02:00
module-rtp-session.c zeroconf: sanitize the properties 2026-02-27 17:31:42 +01:00
module-rtp-sink.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-rtp-source.c module-rtp-source: Only enable IGMP recovery when using multicast 2026-03-30 23:45:34 +02:00
module-scheduler-v1.c scheduler: make nodes move to IDLE when inactive 2026-04-14 14:28:29 +02:00
module-sendspin-recv.c sendspin: cleanup receive sync and logging 2026-03-01 12:49:24 +01:00
module-sendspin-send.c sendspin: negotiate the first raw format 2026-03-13 12:03:11 +01:00
module-session-manager.c Fix typos 2024-05-22 09:19:34 +02:00
module-snapcast-discover.c fix some uninitialized variables warnings 2026-04-08 11:29:36 +02:00
module-spa-device-factory.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-spa-device.c doc: move modules around to add to docs 2025-01-28 12:33:47 +01:00
module-spa-node-factory.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-spa-node.c doc: move modules around to add to docs 2025-01-28 12:33:47 +01:00
module-vban-recv.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-vban-send.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-x11-bell.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-zeroconf-discover.c zeroconf: sanitize the properties 2026-02-27 17:31:42 +01:00
network-utils.h network-utils: pw_net_are_addresses_equal() function 2026-03-30 23:45:33 +02:00