[pulseaudio-discuss] [PATCH 02/12] iochannel/pstream/pdispatch: Add support for receiving file descriptors
David Henningsson
david.henningsson at canonical.com
Tue Jun 24 01:06:57 PDT 2014
On 2014-06-17 11:09, David Henningsson wrote:
>
>
> On 2014-06-01 20:55, Alexander E. Patrakov wrote:
>> 30.05.2014 17:59, David Henningsson wrote:
>>> + else if (cmh->cmsg_type == SCM_RIGHTS) {
>>> + int nfd = (cmh->cmsg_len - CMSG_LEN(0)) / sizeof(int);
>>> + if (nfd > MAX_ANCIL_FDS) {
>>> + pa_log("Trying to receive too many file
>>> descriptors!");
>>> + continue;
>>> + }
>>> + memcpy(ancil->fds, CMSG_DATA(cmh), nfd * sizeof(int));
>>> + ancil->nfd = nfd;
>>> }
>>
>> Don't we need to close these injected file descriptors if we don't like
>> them?
>
> Good point, I think so too. Will fix, thanks.
Fixing that was simple, but it does not stop malicious clients from
sending one fd at a time. Maybe that is also possible even without the
srbchannel patches, to overload the PulseAudio process with file
descriptors?
--
David Henningsson, Canonical Ltd.
https://launchpad.net/~diwic
More information about the pulseaudio-discuss
mailing list