88955 – Validate the number of received info structs in introspect.c

Bug 88955 - Validate the number of received info structs in introspect.c

Summary: Validate the number of received info structs in introspect.c

Status:	RESOLVED MOVED

Alias:	None

Product:	PulseAudio
Classification:	Unclassified
Component:	clients (show other bugs)
Version:	unspecified
Hardware:	Other All

Importance:	medium normal
Assignee:	pulseaudio-bugs
QA Contact:	pulseaudio-bugs

URL:
Whiteboard:
Keywords:	love

Depends on:
Blocks:

Reported:	2015-02-03 22:06 UTC by Tanu Kaskinen
Modified:	2018-07-30 10:25 UTC (History)
CC List:	1 user (show)

See Also:
i915 platform:
i915 features:

Attachments

Description Tanu Kaskinen 2015-02-03 22:06:33 UTC

introspect.c doesn't check how many info structs it gets in response, when the info for exactly one object is requested. This means that if applications want to be robust against broken/malicious servers, they have to count the info structs themselves, which is not trivial. This input validation should be done by libpulse, so that applications can assume that when requesting the info of one object, exactly one info is returned (or an error).

Comment 1 GitLab Migration User 2018-07-30 10:25:40 UTC

-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/pulseaudio/pulseaudio/issues/411.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.