mirror of
https://github.com/swaywm/sway.git
synced 2026-04-22 06:46:27 -04:00
sway: prevent endless loop with broken clients
The server loops endlessly in following scenarios:
- client sends less bytes than IPC header requires
- client sends less bytes than defined by payload size
- client sends more payload data than buffered by operating system
This happens because the server relies on the buffering in sockets by
the operating system. The server only retrieves bytes from buffer when
enough bytes are available. To prevent this, store data in heap.
Also check supplied payload length before working with that value.
Proof of Concept client in Python (you will notice that sway process
consumes a lot of CPU while the client is running):
```
import os
import socket
swaysock=os.environ['SWAYSOCK']
client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
client.connect(swaysock)
client.send(b'\x69\x33\x2D\x69\x70\x63\x00\x00\x00\x00\xFF\xFF\xFF\xFF\x00')
input('Press enter to quit.')
```
This commit is contained in:
Tobias Stoeckmann
parent
edcdb5552d
commit
06ab0d166a
2 changed files with 85 additions and 69 deletions
|
|
@ -3,6 +3,9 @@
|
|||
|
||||
#define event_mask(ev) (1 << (ev & 0x7F))
|
||||
|
||||
// maximum size of payload is 4 MB
|
||||
#define IPC_MAX_SIZE 4e6
|
||||
|
||||
enum ipc_command_type {
|
||||
// i3 command types - see i3's I3_REPLY_TYPE constants
|
||||
IPC_COMMAND = 0,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue