[FFmpeg-devel,1/5] avformat/tty: Remove .txt from the extensions as it more likely is not a multimedia related file

Submitted by Michael Niedermayer on May 12, 2018, 4:33 p.m.

Details

Message ID 20180512163329.18380-1-michael@niedermayer.cc
State New

Commit Message

Michael Niedermayer May 12, 2018, 4:33 p.m.
I am not sure if this is a good idea or not but it may make some
attacks harder. So throwing this out for discussions ...

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/tty.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Niedermayer Sept. 11, 2018, 7:35 p.m.
On Sat, May 12, 2018 at 06:33:25PM +0200, Michael Niedermayer wrote:
> I am not sure if this is a good idea or not but it may make some
> attacks harder. So throwing this out for discussions ...

No comment or other suggestion from anyone, so I will apply this

[...]

Carl Eugen Hoyos Sept. 11, 2018, 9:31 p.m.
2018-05-12 18:33 GMT+02:00, Michael Niedermayer <michael@niedermayer.cc>:
> I am not sure if this is a good idea or not but it may make some
> attacks harder. So throwing this out for discussions ...

I am definitely not objecting but I doubt that this patch can make
any attack harder.
The main "advantage" of the patch imo is that it stops FFmpeg
from decoding txt files.

Carl Eugen

Paul B Mahol Sept. 11, 2018, 9:42 p.m.
On 9/11/18, Carl Eugen Hoyos <ceffmpeg@gmail.com> wrote:
> 2018-05-12 18:33 GMT+02:00, Michael Niedermayer <michael@niedermayer.cc>:
>> I am not sure if this is a good idea or not but it may make some
>> attacks harder. So throwing this out for discussions ...
>
> I am definitely not objecting but I doubt that this patch can make
> any attack harder.
> The main "advantage" of the patch imo is that it stops FFmpeg
> from decoding txt files.

FFmpeg can still decode txt files, just not automatically.

Carl Eugen Hoyos Sept. 11, 2018, 9:47 p.m.
2018-09-11 23:42 GMT+02:00, Paul B Mahol <onemda@gmail.com>:
> On 9/11/18, Carl Eugen Hoyos <ceffmpeg@gmail.com> wrote:
>> 2018-05-12 18:33 GMT+02:00, Michael Niedermayer <michael@niedermayer.cc>:
>>> I am not sure if this is a good idea or not but it may make some
>>> attacks harder. So throwing this out for discussions ...
>>
>> I am definitely not objecting but I doubt that this patch can make
>> any attack harder.
>> The main "advantage" of the patch imo is that it stops FFmpeg
>> from decoding txt files.
>
> FFmpeg can still decode txt files, just not automatically.

Sorry, I meant "by default".

Carl Eugen

Michael Niedermayer Sept. 11, 2018, 10:44 p.m.
On Tue, Sep 11, 2018 at 11:31:23PM +0200, Carl Eugen Hoyos wrote:
> 2018-05-12 18:33 GMT+02:00, Michael Niedermayer <michael@niedermayer.cc>:
> > I am not sure if this is a good idea or not but it may make some
> > attacks harder. So throwing this out for discussions ...
> 
> I am definitely not objecting but I doubt that this patch can make
> any attack harder.

Files ending with the .txt extension which are not multimedia files
contain some other possibly sensitive data. If an attacker can control
the input path for ffmpeg and nothing else then being able to read txt files
allows leaking the content to the attacker generally.

We had bugs that allowed the attacker to control the input path in some
cases. So this prerequisite has evidence for past occurrence.

We surely can leave txt in the list if people prefer. This is not a clear
case of what is better. It's not a true "it's buggy and this fixes it" case
rather a "this is a stepping stone an attacker might find useful in some
case of unknown probability"


> The main "advantage" of the patch imo is that it stops FFmpeg
> from decoding txt files.
> 
> Carl Eugen
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
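
The scenario in the message above, modelled as an added example (not code from the thread or from FFmpeg): a simplified comma-list extension matcher run against the two `.extensions` strings from the patch. `ext_matches`, `tty_selected`, the `forced` flag and the sample paths are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* The two extension lists, copied from the patch (before and after). */
static const char TTY_EXT_BEFORE[] = "ans,art,asc,diz,ice,nfo,txt,vt";
static const char TTY_EXT_AFTER[]  = "ans,art,asc,diz,ice,nfo,vt";

/* Simplified model (assumption, not FFmpeg's implementation): returns 1 when
 * the text after the last '.' of the file name equals, case-insensitively,
 * one whole entry of the comma-separated list. */
static int ext_matches(const char *path, const char *list)
{
    const char *base = strrchr(path, '/');
    base = base ? base + 1 : path;
    const char *ext = strrchr(base, '.');
    if (!ext || !ext[1])
        return 0;                      /* no extension at all */
    ext++;
    size_t elen = strlen(ext);
    for (const char *p = list; *p; ) {
        size_t n = strcspn(p, ",");    /* length of the current list entry */
        if (n == elen && strncasecmp(p, ext, n) == 0)
            return 1;
        p += n;
        if (*p == ',')
            p++;
    }
    return 0;
}

/* Hypothetical helper: is the tty demuxer chosen for this input? forced
 * models a caller naming the format explicitly, which the patch leaves alone. */
static int tty_selected(const char *path, const char *list, int forced)
{
    return forced || ext_matches(path, list);
}

int main(void)
{
    /* Constructed sample paths; the first two stand for non-media text. */
    const char *paths[] = { "/srv/app/secrets.txt", "/srv/app/NOTES.TXT",
                            "art/logo.ans", "clip.mp4", "README" };
    for (size_t i = 0; i < sizeof paths / sizeof *paths; i++)
        printf("%-22s before=%d after=%d forced=%d\n", paths[i],
               tty_selected(paths[i], TTY_EXT_BEFORE, 0),
               tty_selected(paths[i], TTY_EXT_AFTER, 0),
               tty_selected(paths[i], TTY_EXT_AFTER, 1));
    return 0;
}
```

Only the `.txt` rows change between the two lists; the `forced` column stays 1, matching the point made in the thread that txt input can still be decoded, just not automatically.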

Patch

diff --git a/libavformat/tty.c b/libavformat/tty.c
index 8d48f2c45c..8067dd1908 100644
--- a/libavformat/tty.c
+++ b/libavformat/tty.c
@@ -155,6 +155,6 @@  AVInputFormat ff_tty_demuxer = {
     .priv_data_size = sizeof(TtyDemuxContext),
     .read_header    = read_header,
     .read_packet    = read_packet,
-    .extensions     = "ans,art,asc,diz,ice,nfo,txt,vt",
+    .extensions     = "ans,art,asc,diz,ice,nfo,vt",
     .priv_class     = &tty_demuxer_class,
 };
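
Review bot: The new .extensions line drops only txt, but asc, nfo and diz stay in the list and are just as likely to name plain text that is not multimedia, so the rationale in the commit message applies to them too; either remove them in the same change or say in the commit message why txt is the only one treated this way. The behaviour change is also undocumented: after this hunk a .txt input is no longer matched to the tty demuxer by extension, so anyone relying on that has to select the format explicitly, and a short note to that effect in the commit message or the demuxer documentation would save users a bisect.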