pipewire

mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-20 06:38:10 +02:00

History

Wim Taymans c3c11e4c76 security: add max packet limit to netjack2 recv_data loop Input Validation: High The netjack2_recv_data loop terminates based on the is_last flag from received network packets. A malicious peer could continuously send packets with is_last=0, causing the receive loop to run indefinitely and blocking the audio processing thread. This is a denial of service vulnerability. Add a maximum packet count (1024) per receive cycle. This is well above what any legitimate netjack2 session would produce but prevents a malicious peer from stalling the processing thread. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-29 13:58:02 +02:00
..
packets.h	security: fix out-of-bounds read from non-null-terminated netjack2 strings	2026-04-24 15:55:35 +02:00
peer.c	security: add max packet limit to netjack2 recv_data loop	2026-04-29 13:58:02 +02:00

Wim Taymans c3c11e4c76 security: add max packet limit to netjack2 recv_data loop

Input Validation: High

The netjack2_recv_data loop terminates based on the is_last flag
from received network packets. A malicious peer could continuously
send packets with is_last=0, causing the receive loop to run
indefinitely and blocking the audio processing thread. This is
a denial of service vulnerability.

Add a maximum packet count (1024) per receive cycle. This is
well above what any legitimate netjack2 session would produce
but prevents a malicious peer from stalling the processing thread.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-04-29 13:58:02 +02:00

packets.h

security: fix out-of-bounds read from non-null-terminated netjack2 strings

2026-04-24 15:55:35 +02:00

peer.c

security: add max packet limit to netjack2 recv_data loop

2026-04-29 13:58:02 +02:00