From patchwork Mon Dec 5 12:52:51 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 1679 Delivered-To: ffmpegpatchwork@gmail.com Received: by 10.103.65.86 with SMTP id o83csp1598886vsa; Mon, 5 Dec 2016 04:53:12 -0800 (PST) X-Received: by 10.28.131.1 with SMTP id f1mr9602226wmd.43.1480942392517; Mon, 05 Dec 2016 04:53:12 -0800 (PST) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id tc14si14819400wjb.136.2016.12.05.04.53.12; Mon, 05 Dec 2016 04:53:12 -0800 (PST) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 8F6B968A099; Mon, 5 Dec 2016 14:52:51 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from vie01a-dmta-pe04-3.mx.upcmail.net (vie01a-dmta-pe04-3.mx.upcmail.net [62.179.121.165]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 56DFC68A08E for ; Mon, 5 Dec 2016 14:52:44 +0200 (EET) Received: from [172.31.216.43] (helo=vie01a-pemc-psmtp-pe01) by vie01a-dmta-pe04.mx.upcmail.net with esmtp (Exim 4.87) (envelope-from ) id 1cDslJ-00035b-RX for ffmpeg-devel@ffmpeg.org; Mon, 05 Dec 2016 13:52:53 +0100 Received: from localhost ([213.47.41.20]) by vie01a-pemc-psmtp-pe01 with SMTP @ mailcloud.upcmail.net id GCss1u02q0S5wYM01CstQE; Mon, 05 Dec 2016 13:52:53 +0100 X-SourceIP: 213.47.41.20 From: Michael Niedermayer To: FFmpeg development discussions and patches Date: Mon, 5 Dec 2016 13:52:51 +0100 Message-Id: <20161205125251.28683-2-michael@niedermayer.cc> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20161205125251.28683-1-michael@niedermayer.cc> References: <20161205125251.28683-1-michael@niedermayer.cc> Subject: [FFmpeg-devel] [PATCH 2/2] [RFC] avformat/avio: Fail on opening non file urls which exist as local files without whitelists X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" TODO: this needs to cleanly open a file url context for checking This stops someone having a local file like "http:evilhost.com" and playing it as "http:evilhost.com" without explicitly specifying the http protocol on the whitelist That is it reduces the impact of people not using the "file:" scheme explicitly on untrusted filenames at the expense of causing some problems if a remote url exists ad a local file Signed-off-by: Michael Niedermayer --- libavformat/avio.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/libavformat/avio.c b/libavformat/avio.c index 3606eb0fda..5a11add415 100644 --- a/libavformat/avio.c +++ b/libavformat/avio.c @@ -31,6 +31,8 @@ #endif #include "url.h" +static const struct URLProtocol *url_find_protocol(const char *filename); + /** @name Logging context. */ /*@{*/ static const char *urlcontext_to_name(void *ptr) @@ -188,6 +190,17 @@ int ffurl_connect(URLContext *uc, AVDictionary **options) return AVERROR(EINVAL); } + if ((uc->flags & AVIO_FLAG_READ) && + !uc->protocol_whitelist && + !uc->protocol_blacklist && + strcmp(uc->prot->name, "file")) { + const URLProtocol *file_protocol = url_find_protocol("file:"); + if (file_protocol->url_check(uc, 0) >= 0) { + av_log(uc, AV_LOG_ERROR, "Ambigous filename %s exists, specify a whitelist!\n", uc->filename); + return AVERROR(EEXIST); + } + } + if (!uc->protocol_whitelist && uc->prot->default_whitelist) { av_log(uc, AV_LOG_DEBUG, "Setting default whitelist '%s'\n", uc->prot->default_whitelist); uc->protocol_whitelist = av_strdup(uc->prot->default_whitelist);