| commit | e9e47b8e4fc5a3516874a0ab5604b76009b9b993 | |
| author | Nedko Arnaudov <nedko@nedk.org> | |
| Thu, 13 Jun 2024 17:24:03 +0000 (13 20:24 +0300) | ||
| committer | Nedko Arnaudov <nedko@nedk.org> | |
| Thu, 13 Jun 2024 17:42:21 +0000 (13 20:42 +0300) | ||
| tree | 6e2349b4aa4ae27fc45726222c10e5a08613837e | treesnapshot (tar.gz zip) |
| parent | 698132ae2f369222424d34eba387b75e732de886 | commitdiff |
Fix [theoretically possible] memory corruption.
Acquiring more than two devices via D-Bus reservation protocol
helper code could lead memory corruption.
Also using device identifiers longer than 64 will not cause memory
corruption anymore. strncpy() is now used instead of strcpy().
In jackdbus PipeWire setups, currently (pipewire-1.1.82),
this code should not run at all, as libjackserver.so jack control API
implementation is dummy.
Also, the presumption in PipeWire setups that WirePlumber will do the
device reservation, means that this [jackdbus] device reservation code
must not be called at all.
In JACK2, traditionally MIDI devices are not handled via reservation protocol,
and only one device can be reserved (the audio device used by JACK
server). One could argue whether jack2 "slave" devices-drivers should
involve reservation protocol too. No less for MIDI devices (via alsa raw,
alsa seq or some other MIDI back-end for jack).
This commit fixes memory corruption in [JACK] setups where more than
one device is reserved.
The possibility for buffer with long device identification string, e.g.
"Midi716491294619269518659286591827391287391827391827391826419825941256948191981723",
is also fixed. So big index numbers are unlikely to be observed in the
wild unless in malicious actor scenario.
See also commit 56f4d13ecb2b1cd9f8fd5786b769c9788c2b1b7f
Acquiring more than two devices via D-Bus reservation protocol
helper code could lead memory corruption.
Also using device identifiers longer than 64 will not cause memory
corruption anymore. strncpy() is now used instead of strcpy().
In jackdbus PipeWire setups, currently (pipewire-1.1.82),
this code should not run at all, as libjackserver.so jack control API
implementation is dummy.
Also, the presumption in PipeWire setups that WirePlumber will do the
device reservation, means that this [jackdbus] device reservation code
must not be called at all.
In JACK2, traditionally MIDI devices are not handled via reservation protocol,
and only one device can be reserved (the audio device used by JACK
server). One could argue whether jack2 "slave" devices-drivers should
involve reservation protocol too. No less for MIDI devices (via alsa raw,
alsa seq or some other MIDI back-end for jack).
This commit fixes memory corruption in [JACK] setups where more than
one device is reserved.
The possibility for buffer with long device identification string, e.g.
"Midi716491294619269518659286591827391287391827391827391826419825941256948191981723",
is also fixed. So big index numbers are unlikely to be observed in the
wild unless in malicious actor scenario.
See also commit 56f4d13ecb2b1cd9f8fd5786b769c9788c2b1b7f
| dbus/device_reservation.c | diffblobblamehistory |