From f63b44d8ae68d7b36346d8d00681fe8a84e78ff0 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Sat, 18 Apr 2026 09:13:06 +1000
Subject: [PATCH] util: allow for a maximum of 32 fds in xsend_with_fds

Our current maximum of fds per the protocol is exactly 1 so this has
no effect but might save us in the future from some naughty client.
Meanwhile, this prevents us from having a variable-length array on the
stack that is caller-controller.

Assisted-by: Claude:claude-opus-4-6
Part-of: <https://gitlab.freedesktop.org/libinput/libei/-/merge_requests/388>
---
 src/util-io.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/util-io.c b/src/util-io.c
index f3f7af8..acc35f0 100644
--- a/src/util-io.c
+++ b/src/util-io.c
@@ -88,6 +88,11 @@ xsend_with_fd(int fd, const void *buf, size_t len, int *fds)
 	if (nfds == 0)
 		return xsend(fd, buf, len);
 
+	const size_t MAX_FDS = 32;
+	if (nfds > MAX_FDS) {
+		return -EINVAL;
+	}
+
 	char control[CMSG_SPACE(nfds * sizeof(int))];
 	struct cmsghdr *header = (struct cmsghdr *)control;