Message ID | 20200427105147.98947-1-lq@chinaffmpeg.org |
---|---|
State | Superseded |
Headers | show |
Series | [FFmpeg-devel,v2] avformat/url: check url root node when rel include double dot | expand |
Context | Check | Description |
---|---|---|
andriy/default | pending | |
andriy/make | success | Make finished |
andriy/make_fate | fail | Make fate failed |
Steven Liu (12020-04-27):
> and add testcase into url for double dot corner case
Did you run FATE?
Regards,
> 2020年4月27日 下午6:54,Nicolas George <george@nsup.org> 写道: > > Steven Liu (12020-04-27): >> and add testcase into url for double dot corner case > > Did you run FATE? Haha, Patchwork returned it, will fix that. > > Regards, > > -- > Nicolas George Thanks Steven Liu
Steven Liu (12020-04-27):
> Haha, Patchwork returned it, will fix that.
Please run FATE yourself before submitting patches.
Regards,
On Mon, Apr 27, 2020 at 06:51:47PM +0800, Steven Liu wrote: > fix ticket: 8625 > and add testcase into url for double dot corner case I think you need update ./tests/ref/fate/url also. make fate-url SAMPLES=../fate-suite > > Suggested-by: Martin Storsjö <martin@martin.st> > Signed-off-by: Steven Liu <liuqi05@kuaishou.com> > --- > libavformat/tests/url.c | 3 +++ > libavformat/url.c | 21 +++++++++++++++++++-- > 2 files changed, 22 insertions(+), 2 deletions(-) > > diff --git a/libavformat/tests/url.c b/libavformat/tests/url.c > index 5e484fd428..02d0d59aa8 100644 > --- a/libavformat/tests/url.c > +++ b/libavformat/tests/url.c > @@ -56,6 +56,7 @@ int main(void) > test("/foo/bar", "baz"); > test("/foo/bar", "../baz"); > test("/foo/bar", "/baz"); > + test("/foo/bar", "../../../baz"); > test("http://server/foo/", "baz"); > test("http://server/foo/bar", "baz"); > test("http://server/foo/", "../baz"); > @@ -65,6 +66,8 @@ int main(void) > test("http://server/foo/bar?param=value/with/slashes", "/baz"); > test("http://server/foo/bar?param&otherparam", "?someparam"); > test("http://server/foo/bar", "//other/url"); > + test("http://server/foo/bar", "../../../../../other/url"); > + test("http://server/foo/bar", "/../../../../../other/url"); > > printf("\nTesting av_url_split:\n"); > test2("/foo/bar"); > diff --git a/libavformat/url.c b/libavformat/url.c > index 596fb49cfc..0aa50ab9a7 100644 > --- a/libavformat/url.c > +++ b/libavformat/url.c > @@ -81,6 +81,7 @@ void ff_make_absolute_url(char *buf, int size, const char *base, > const char *rel) > { > char *sep, *path_query; > + char *root, *p; > /* Absolute path, relative to the current server */ > if (base && strstr(base, "://") && rel[0] == '/') { > if (base != buf) > @@ -120,16 +121,32 @@ void ff_make_absolute_url(char *buf, int size, const char *base, > return; > } > > + root = p = buf; > + /* Get the path root of the url which start by "://" */ > + if (p && strstr(p, "://")) { > + sep = strstr(p, "://"); > + if (sep) { > + sep += 3; > + root = strchr(sep, '/'); > + } > + } > + > /* Remove the file name from the base url */ > sep = strrchr(buf, '/'); > + if (sep <= root) > + sep = root; > + > if (sep) > sep[1] = '\0'; > else > buf[0] = '\0'; > while (av_strstart(rel, "../", NULL) && sep) { > /* Remove the path delimiter at the end */ > - sep[0] = '\0'; > - sep = strrchr(buf, '/'); > + if (sep > root) { > + sep[0] = '\0'; > + sep = strrchr(buf, '/'); > + } > + > /* If the next directory name to pop off is "..", break here */ > if (!strcmp(sep ? &sep[1] : buf, "..")) { > /* Readd the slash we just removed */ > -- > 2.25.0 > > > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
Nicolas George (12020-04-27):
> Please run FATE yourself before submitting patches.
And please heed reply-to headers. It's already annoying enough to have
you twice in Cc, it's REALLY annoying to get CCed when I explicitly
asked not to in the proper technical way.
(Seriously, people, if you want to use crappy e-mail systems, do so, but
do not annoy third parties with bogus workardounds.)
Regards,
> 2020年4月27日 下午7:04,lance.lmwang@gmail.com 写道: > > On Mon, Apr 27, 2020 at 06:51:47PM +0800, Steven Liu wrote: >> fix ticket: 8625 >> and add testcase into url for double dot corner case > > I think you need update ./tests/ref/fate/url also. > > make fate-url SAMPLES=../fate-suite Yes, the fate server have report the result to me. > >> >> Suggested-by: Martin Storsjö <martin@martin.st> >> Signed-off-by: Steven Liu <liuqi05@kuaishou.com> >> --- >> libavformat/tests/url.c | 3 +++ >> libavformat/url.c | 21 +++++++++++++++++++-- >> 2 files changed, 22 insertions(+), 2 deletions(-) >> >> diff --git a/libavformat/tests/url.c b/libavformat/tests/url.c >> index 5e484fd428..02d0d59aa8 100644 >> --- a/libavformat/tests/url.c >> +++ b/libavformat/tests/url.c >> @@ -56,6 +56,7 @@ int main(void) >> test("/foo/bar", "baz"); >> test("/foo/bar", "../baz"); >> test("/foo/bar", "/baz"); >> + test("/foo/bar", "../../../baz"); >> test("http://server/foo/", "baz"); >> test("http://server/foo/bar", "baz"); >> test("http://server/foo/", "../baz"); >> @@ -65,6 +66,8 @@ int main(void) >> test("http://server/foo/bar?param=value/with/slashes", "/baz"); >> test("http://server/foo/bar?param&otherparam", "?someparam"); >> test("http://server/foo/bar", "//other/url"); >> + test("http://server/foo/bar", "../../../../../other/url"); >> + test("http://server/foo/bar", "/../../../../../other/url"); >> >> printf("\nTesting av_url_split:\n"); >> test2("/foo/bar"); >> diff --git a/libavformat/url.c b/libavformat/url.c >> index 596fb49cfc..0aa50ab9a7 100644 >> --- a/libavformat/url.c >> +++ b/libavformat/url.c >> @@ -81,6 +81,7 @@ void ff_make_absolute_url(char *buf, int size, const char *base, >> const char *rel) >> { >> char *sep, *path_query; >> + char *root, *p; >> /* Absolute path, relative to the current server */ >> if (base && strstr(base, "://") && rel[0] == '/') { >> if (base != buf) >> @@ -120,16 +121,32 @@ void ff_make_absolute_url(char *buf, int size, const char *base, >> return; >> } >> >> + root = p = buf; >> + /* Get the path root of the url which start by "://" */ >> + if (p && strstr(p, "://")) { >> + sep = strstr(p, "://"); >> + if (sep) { >> + sep += 3; >> + root = strchr(sep, '/'); >> + } >> + } >> + >> /* Remove the file name from the base url */ >> sep = strrchr(buf, '/'); >> + if (sep <= root) >> + sep = root; >> + >> if (sep) >> sep[1] = '\0'; >> else >> buf[0] = '\0'; >> while (av_strstart(rel, "../", NULL) && sep) { >> /* Remove the path delimiter at the end */ >> - sep[0] = '\0'; >> - sep = strrchr(buf, '/'); >> + if (sep > root) { >> + sep[0] = '\0'; >> + sep = strrchr(buf, '/'); >> + } >> + >> /* If the next directory name to pop off is "..", break here */ >> if (!strcmp(sep ? &sep[1] : buf, "..")) { >> /* Readd the slash we just removed */ >> -- >> 2.25.0 >> >> >> >> _______________________________________________ >> ffmpeg-devel mailing list >> ffmpeg-devel@ffmpeg.org >> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel >> >> To unsubscribe, visit link above, or email >> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". > > -- > Thanks, > Limin Wang > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". Thanks Steven Liu
> 2020年4月27日 下午7:05,Nicolas George <george@nsup.org> 写道: > > Nicolas George (12020-04-27): >> Please run FATE yourself before submitting patches. > > And please heed reply-to headers. It's already annoying enough to have > you twice in Cc, it's REALLY annoying to get CCed when I explicitly > asked not to in the proper technical way. > > (Seriously, people, if you want to use crappy e-mail systems, do so, but > do not annoy third parties with bogus workardounds.) Do you mean you don’t want in the cc list? I think can remove you from cc list if you don’t want in it. > > Regards, > > -- > Nicolas George Thanks Steven Liu
Steven Liu (12020-04-27): > Do you mean you don’t want in the cc list? > I think can remove you from cc list if you don’t want in it. I want you to do exactly as the headers direct you to do. Regards,
> 2020年4月27日 下午7:10,Nicolas George <george@nsup.org> 写道: > > Steven Liu (12020-04-27): >> Do you mean you don’t want in the cc list? >> I think can remove you from cc list if you don’t want in it. > > I want you to do exactly as the headers direct you to do. Inner peace. Thanks Steven Liu
diff --git a/libavformat/tests/url.c b/libavformat/tests/url.c index 5e484fd428..02d0d59aa8 100644 --- a/libavformat/tests/url.c +++ b/libavformat/tests/url.c @@ -56,6 +56,7 @@ int main(void) test("/foo/bar", "baz"); test("/foo/bar", "../baz"); test("/foo/bar", "/baz"); + test("/foo/bar", "../../../baz"); test("http://server/foo/", "baz"); test("http://server/foo/bar", "baz"); test("http://server/foo/", "../baz"); @@ -65,6 +66,8 @@ int main(void) test("http://server/foo/bar?param=value/with/slashes", "/baz"); test("http://server/foo/bar?param&otherparam", "?someparam"); test("http://server/foo/bar", "//other/url"); + test("http://server/foo/bar", "../../../../../other/url"); + test("http://server/foo/bar", "/../../../../../other/url"); printf("\nTesting av_url_split:\n"); test2("/foo/bar"); diff --git a/libavformat/url.c b/libavformat/url.c index 596fb49cfc..0aa50ab9a7 100644 --- a/libavformat/url.c +++ b/libavformat/url.c @@ -81,6 +81,7 @@ void ff_make_absolute_url(char *buf, int size, const char *base, const char *rel) { char *sep, *path_query; + char *root, *p; /* Absolute path, relative to the current server */ if (base && strstr(base, "://") && rel[0] == '/') { if (base != buf) @@ -120,16 +121,32 @@ void ff_make_absolute_url(char *buf, int size, const char *base, return; } + root = p = buf; + /* Get the path root of the url which start by "://" */ + if (p && strstr(p, "://")) { + sep = strstr(p, "://"); + if (sep) { + sep += 3; + root = strchr(sep, '/'); + } + } + /* Remove the file name from the base url */ sep = strrchr(buf, '/'); + if (sep <= root) + sep = root; + if (sep) sep[1] = '\0'; else buf[0] = '\0'; while (av_strstart(rel, "../", NULL) && sep) { /* Remove the path delimiter at the end */ - sep[0] = '\0'; - sep = strrchr(buf, '/'); + if (sep > root) { + sep[0] = '\0'; + sep = strrchr(buf, '/'); + } + /* If the next directory name to pop off is "..", break here */ if (!strcmp(sep ? &sep[1] : buf, "..")) { /* Readd the slash we just removed */
fix ticket: 8625 and add testcase into url for double dot corner case Suggested-by: Martin Storsjö <martin@martin.st> Signed-off-by: Steven Liu <liuqi05@kuaishou.com> --- libavformat/tests/url.c | 3 +++ libavformat/url.c | 21 +++++++++++++++++++-- 2 files changed, 22 insertions(+), 2 deletions(-)