
[FFmpeg-devel] fftools/ffmpeg_ffplay_ffprobe_cmdutils: add -mask_url to replace the protocol address in the command with the asterisk (*)

Message ID 6f7e65856c584ac99ef2354b477b69ab@huawei.com
State New

Checks

Context Check Description
andriy/commit_msg_x86 warning The first line of the commit message must start with a context terminated by a colon and a space, for example "lavu/opt: " or "doc: ".
yinshiyou/commit_msg_loongarch64 warning The first line of the commit message must start with a context terminated by a colon and a space, for example "lavu/opt: " or "doc: ".
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 success Make fate finished
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished

Commit Message

Wujian(Chin) Jan. 3, 2023, 11:05 a.m. UTC
Please review it again, thanks!!

Signed-off-by: wujian_nanjing <wujian2@huawei.com>
---
 doc/fftools-common-opts.texi | 11 +++++++++
 fftools/cmdutils.c           | 57 ++++++++++++++++++++++++++++++++++++++++++++
 fftools/cmdutils.h           | 21 ++++++++++++++++
 fftools/ffmpeg.c             |  7 +++---
 fftools/ffplay.c             |  6 +++--
 fftools/ffprobe.c            |  7 +++---
 fftools/opt_common.h         |  1 +
 7 files changed, 102 insertions(+), 8 deletions(-)

Comments

Nicolas George Jan. 3, 2023, 12:31 p.m. UTC | #1
Wujian(Chin) (12023-01-03):
> Please review it again, thanks!!

You still treat the option differently without a good reason.

You still do not protect credentials in options.

Not acceptable.

Patch

diff --git a/doc/fftools-common-opts.texi b/doc/fftools-common-opts.texi
index d914570..724c028 100644
--- a/doc/fftools-common-opts.texi
+++ b/doc/fftools-common-opts.texi
@@ -363,6 +363,17 @@  for testing. Do not use it unless you know what you're doing.
 ffmpeg -cpucount 2
 @end example
 
+@item -mask_url -i @var{url} (@emph{output})
+If the protocol address contains the user name and password, the ps -ef
+command exposes plaintext. You can add the -mask_url parameter option is
+added to replace the protocol address in the command line with the
+asterisk (*). Because other users can run the ps -ef command to view sensitive
+information such as the user name and password in the protocol address,
+which is insecure.
+@example
+ffmpeg -mask_url -i rtsp://username:password-ip:port/stream/test
+@end example
+
 @item -max_alloc @var{bytes}
 Set the maximum size limit for allocating a block on the heap by ffmpeg's
 family of malloc functions. Exercise @strong{extreme caution} when using
diff --git a/fftools/cmdutils.c b/fftools/cmdutils.c
index a1de621..7946303 100644
--- a/fftools/cmdutils.c
+++ b/fftools/cmdutils.c
@@ -60,6 +60,59 @@  AVDictionary *swr_opts;
 AVDictionary *format_opts, *codec_opts;
 
 int hide_banner = 0;
+int mask_url = 0;
+
+void mask_param(int argc, char **argv)
+{
+    int i, j;
+    for (i = 1; i < argc; i++) {
+        char *match = strstr(argv[i], "://");
+        if (match) {
+            int total = strlen(argv[i]);
+            for (j = 0; j < total; j++) {
+                argv[i][j] = '*';
+            }
+        }
+    }
+}
+
+char **copy_argv(int argc, char **argv)
+{
+    char **argv_copy;
+    argv_copy = av_mallocz((argc + 1) * sizeof(char *));
+    if (!argv_copy) {
+        av_log(NULL, AV_LOG_FATAL, "argv_copy malloc failed\n");
+        exit_program(1);
+    }
+
+    for (int i = 0; i < argc; i++) {
+        int length = strlen(argv[i]) + 1;
+        argv_copy[i] = av_mallocz(length * sizeof(*argv_copy));
+        if (!argv_copy[i]) {
+            av_log(NULL, AV_LOG_FATAL, "argv_copy[%d] malloc failed\n", i);
+            exit_program(1);
+        }
+        memcpy(argv_copy[i], argv[i], length);
+    }
+    argv_copy[argc] = NULL;
+    return argv_copy;
+}
+
+char **handle_arg_param(int argc, char **argv)
+{
+    char **argv_copy;
+    argv_copy = copy_argv(argc, argv);
+    if (mask_url)
+        mask_param(argc, argv);
+    return argv_copy;
+}
+
+void free_argv_copy(int argc, char **argv)
+{
+    for (int i = 0; i < argc; i++)
+        av_free(argv[i]);
+    av_free(argv);
+}
 
 void uninit_opts(void)
 {
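Review bot: In copy_argv the per-string allocation `av_mallocz(length * sizeof(*argv_copy))` multiplies by the size of a `char *` rather than a `char`, so every copy is over-allocated by a pointer-size factor, and `int length = strlen(argv[i]) + 1` narrows a size_t into an int. `argv_copy[i] = av_strdup(argv[i]);` followed by the existing NULL check does the same job with the correct size. Separately, mask_param blanks every argument that contains `://` anywhere and keeps the original length visible, and free_argv_copy hands the unmasked copies back to the allocator without wiping them. A comment on mask_param stating that the masking only affects what the process listing shows, not the copies held in memory, would keep readers from over-trusting it.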
@@ -501,6 +554,10 @@  void parse_loglevel(int argc, char **argv, const OptionDef *options)
     idx = locate_option(argc, argv, options, "hide_banner");
     if (idx)
         hide_banner = 1;
+
+    idx = locate_option(argc, argv, options, "mask_url");
+    if (idx)
+        mask_url = 1;
 }
 
 static const AVOption *opt_find(void *obj, const char *name, const char *unit,
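Review bot: `mask_url` is only recorded here, so the arguments are still unmasked while the rest of parse_loglevel runs; the function body starts outside this hunk. If an earlier part of the function writes the command line anywhere (a log or a report file, for example), the URL and its credentials are written in clear even when -mask_url is given, and that output path would need the same masking. A short comment such as `/* argv itself is masked later, in handle_arg_param() */` above the new lookup would make the two-step design visible.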
diff --git a/fftools/cmdutils.h b/fftools/cmdutils.h
index 4496221..66babbd 100644
--- a/fftools/cmdutils.h
+++ b/fftools/cmdutils.h
@@ -48,6 +48,27 @@  extern AVDictionary *sws_dict;
 extern AVDictionary *swr_opts;
 extern AVDictionary *format_opts, *codec_opts;
 extern int hide_banner;
+extern int mask_url;
+
+/**
+ * Using to mask sensitive info.
+ */
+void mask_param(int argc, char **argv);
+
+/**
+ * Using to copy ori argv.
+ */
+char **copy_argv(int argc, char **argv);
+
+/**
+ * Handle argv and argv_copy.
+ */
+char **handle_arg_param(int argc, char **argv);
+
+/**
+ * Free argv.
+ */
+void free_argv_copy(int argc, char **argv);
 
 /**
  * Register a program-specific cleanup routine.
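Review bot: The four new doc comments do not state the contracts a caller needs. For mask_param, say that it overwrites, in place and with `*`, every argv entry containing `://`, and that this changes only what the process listing shows. For copy_argv, say that it returns a NULL-terminated deep copy, calls exit_program(1) on allocation failure, and must be released with free_argv_copy using the same argc. For handle_arg_param, say that it returns the unmasked copy for parsing and masks the original argv only when `mask_url` is set. For free_argv_copy, note that it does not accept a NULL array.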
diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c
index 881d6f0..9f3b261 100644
--- a/fftools/ffmpeg.c
+++ b/fftools/ffmpeg.c
@@ -3867,7 +3867,7 @@  int main(int argc, char **argv)
 {
     int ret;
     BenchmarkTimeStamps ti;
-
+    char **argv_copy;
     init_dynload();
 
     register_exit(ffmpeg_cleanup);
@@ -3883,9 +3883,10 @@  int main(int argc, char **argv)
     avformat_network_init();
 
     show_banner(argc, argv, options);
-
+    argv_copy = handle_arg_param(argc, argv);
     /* parse options and open all input/output files */
-    ret = ffmpeg_parse_options(argc, argv);
+    ret = ffmpeg_parse_options(argc, argv_copy);
+    free_argv_copy(argc, argv_copy);
     if (ret < 0)
         exit_program(1);
 
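Review bot: The overwrite happens only after start-up work and show_banner have run, so the URL is readable in the process listing from exec until `handle_arg_param` is reached. In-place masking narrows that window but cannot close it. The call should sit as early in main as the flag allows (`mask_url` is set by parse_loglevel, which is called outside this hunk), and the option's documentation should say that credentials given on the command line remain briefly exposed. The same ordering is used in the ffplay.c and ffprobe.c hunks. Whether any option handler keeps a pointer into argv_copy after `free_argv_copy(argc, argv_copy);` is not visible here and is worth checking.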
diff --git a/fftools/ffplay.c b/fftools/ffplay.c
index fc7e1c2..203db5e 100644
--- a/fftools/ffplay.c
+++ b/fftools/ffplay.c
@@ -3664,6 +3664,7 @@  void show_help_default(const char *opt, const char *arg)
 int main(int argc, char **argv)
 {
     int flags;
+    char **argv_copy;
     VideoState *is;
 
     init_dynload();
@@ -3682,8 +3683,9 @@  int main(int argc, char **argv)
 
     show_banner(argc, argv, options);
 
-    parse_options(NULL, argc, argv, options, opt_input_file);
-
+    argv_copy = handle_arg_param(argc, argv);
+    parse_options(NULL, argc, argv_copy, options, opt_input_file);
+    free_argv_copy(argc, argv_copy);
     if (!input_filename) {
         show_usage();
         av_log(NULL, AV_LOG_FATAL, "An input file must be specified\n");
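Review bot: argv_copy is freed immediately after parse_options, yet `input_filename` is tested on the very next line and is presumably used later to open the stream. If opt_input_file stores the argv pointer it receives instead of duplicating it (its body is not in this hunk), `input_filename` then points into freed memory. The ffprobe.c change in this patch defers `free_argv_copy` to its `end:` label, which suggests the lifetime matters there too. Either move `free_argv_copy(argc, argv_copy);` to the exit path of main, which continues outside this hunk, or have the callback keep an `av_strdup` of the filename.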
diff --git a/fftools/ffprobe.c b/fftools/ffprobe.c
index d2f126d..17e9759 100644
--- a/fftools/ffprobe.c
+++ b/fftools/ffprobe.c
@@ -4036,7 +4036,7 @@  int main(int argc, char **argv)
     char *buf;
     char *w_name = NULL, *w_args = NULL;
     int ret, input_ret, i;
-
+    char **argv_copy;
     init_dynload();
 
 #if HAVE_THREADS
@@ -4056,8 +4056,8 @@  int main(int argc, char **argv)
 #endif
 
     show_banner(argc, argv, options);
-    parse_options(NULL, argc, argv, options, opt_input_file);
-
+    argv_copy = handle_arg_param(argc, argv);
+    parse_options(NULL, argc, argv_copy, options, opt_input_file);
     if (do_show_log)
         av_log_set_callback(log_callback);
 
@@ -4173,6 +4173,7 @@  end:
     av_freep(&print_format);
     av_freep(&read_intervals);
     av_hash_freep(&hash);
+    free_argv_copy(argc, argv_copy);
 
     uninit_opts();
     for (i = 0; i < FF_ARRAY_ELEMS(sections); i++)
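Review bot: `free_argv_copy(argc, argv_copy);` at `end:` runs on every path that reaches the label, but `argv_copy` is declared without an initializer and only assigned after show_banner. If anything before that assignment can `goto end` (the HAVE_THREADS block between the first two hunks is a candidate, though its body is not shown), the free loop dereferences an indeterminate pointer. Declare it as `char **argv_copy = NULL;` and guard the call with `if (argv_copy)`, since free_argv_copy as written indexes `argv[i]` before freeing `argv`.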
diff --git a/fftools/opt_common.h b/fftools/opt_common.h
index ea1d16e..5185cf3 100644
--- a/fftools/opt_common.h
+++ b/fftools/opt_common.h
@@ -226,6 +226,7 @@  int opt_cpucount(void *optctx, const char *opt, const char *arg);
     { "cpuflags",    HAS_ARG | OPT_EXPERT, { .func_arg = opt_cpuflags },     "force specific cpu flags", "flags" },     \
     { "cpucount",    HAS_ARG | OPT_EXPERT, { .func_arg = opt_cpucount },     "force specific cpu count", "count" },     \
     { "hide_banner", OPT_BOOL | OPT_EXPERT, {&hide_banner},     "do not show program banner", "hide_banner" },          \
+    { "mask_url",    OPT_BOOL,              {&mask_url},                      "mask the url", "flags" },                    \
     CMDUTILS_COMMON_OPTIONS_AVDEVICE                                                                                    \
 
 #endif /* FFTOOLS_OPT_COMMON_H */
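Review bot: The new table entry gives `"flags"` as the argument name for an OPT_BOOL option that takes no argument, and its help text `"mask the url"` does not say what is masked or where. Something like `"overwrite URL arguments in the process command line with '*'", "mask_url"` would match the neighbouring hide_banner entry and tell the user that only the visible command line is affected.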