| Message ID | 20200429045057.30435-1-lq@chinaffmpeg.org |
|---|---|
| State | Accepted |
| Commit | 648051f07cffd0d91c89dc6706e3d0d6a286de43 |
| Headers | show |
| Series | [FFmpeg-devel,v5] avformat/url: check url root node when rel include double dot and trim double dot | expand |
| Context | Check | Description |
|---|---|---|
| andriy/default | pending | |
| andriy/make | success | Make finished |
| andriy/make_fate | success | Make fate finished |
> 2020年4月29日 下午12:50,Steven Liu <lq@chinaffmpeg.org> 写道: > > fix ticket: 8625 > and add testcase into url for double dot corner case > > Signed-off-by: Steven Liu <lq@chinaffmpeg.org> > --- > libavformat/tests/url.c | 5 +++ > libavformat/url.c | 77 ++++++++++++++++++++++++++++++++++++++--- > tests/ref/fate/url | 5 +++ > 3 files changed, 83 insertions(+), 4 deletions(-) > > diff --git a/libavformat/tests/url.c b/libavformat/tests/url.c > index 5e484fd428..1d961a1b43 100644 > --- a/libavformat/tests/url.c > +++ b/libavformat/tests/url.c > @@ -56,6 +56,7 @@ int main(void) > test("/foo/bar", "baz"); > test("/foo/bar", "../baz"); > test("/foo/bar", "/baz"); > + test("/foo/bar", "../../../baz"); > test("http://server/foo/", "baz"); > test("http://server/foo/bar", "baz"); > test("http://server/foo/", "../baz"); > @@ -65,6 +66,10 @@ int main(void) > test("http://server/foo/bar?param=value/with/slashes", "/baz"); > test("http://server/foo/bar?param&otherparam", "?someparam"); > test("http://server/foo/bar", "//other/url"); > + test("http://server/foo/bar", "../../../../../other/url"); > + test("http://server/foo/bar", "/../../../../../other/url"); > + test("http://server/foo/bar", "/test/../../../../../other/url"); > + test("http://server/foo/bar", "/test/../../test/../../../other/url"); > > printf("\nTesting av_url_split:\n"); > test2("/foo/bar"); > diff --git a/libavformat/url.c b/libavformat/url.c > index 596fb49cfc..7cd9e0c705 100644 > --- a/libavformat/url.c > +++ b/libavformat/url.c > @@ -21,6 +21,7 @@ > > > #include "avformat.h" > +#include "internal.h" > #include "config.h" > #include "url.h" > #if CONFIG_NETWORK > @@ -77,10 +78,53 @@ int ff_url_join(char *str, int size, const char *proto, > return strlen(str); > } > > +static void trim_double_dot_url(char *buf, const char *rel, int size) > +{ > + const char *p = rel; > + const char *root = rel; > + char tmp_path[MAX_URL_SIZE] = {0, }; > + char *sep; > + char *node; > + > + /* Get the path root of the url which start by "://" */ > + if (p && (sep = strstr(p, "://"))) { > + sep += 3; > + root = strchr(sep, '/'); > + } > + > + /* set new current position if the root node is changed */ > + p = root; > + while (p && (node = strstr(p, ".."))) { > + av_strlcat(tmp_path, p, node - p + strlen(tmp_path)); > + p = node + 3; > + sep = strrchr(tmp_path, '/'); > + if (sep) > + sep[0] = '\0'; > + else > + tmp_path[0] = '\0'; > + } > + > + if (!av_stristart(p, "/", NULL) && root != rel) > + av_strlcat(tmp_path, "/", size); > + > + av_strlcat(tmp_path, p, size); > + /* start set buf after temp path process. */ > + av_strlcpy(buf, rel, root - rel + 1); > + > + if (!av_stristart(tmp_path, "/", NULL) && root != rel) > + av_strlcat(buf, "/", size); > + > + av_strlcat(buf, tmp_path, size); > +} > + > void ff_make_absolute_url(char *buf, int size, const char *base, > const char *rel) > { > char *sep, *path_query; > + char *root, *p; > + char tmp_path[MAX_URL_SIZE]; > + > + memset(tmp_path, 0, sizeof(tmp_path)); > /* Absolute path, relative to the current server */ > if (base && strstr(base, "://") && rel[0] == '/') { > if (base != buf) > @@ -99,11 +143,14 @@ void ff_make_absolute_url(char *buf, int size, const char *base, > } > } > av_strlcat(buf, rel, size); > + trim_double_dot_url(tmp_path, buf, size); > + memset(buf, 0, size); > + av_strlcpy(buf, tmp_path, size); > return; > } > /* If rel actually is an absolute url, just copy it */ > if (!base || strstr(rel, "://") || rel[0] == '/') { > - av_strlcpy(buf, rel, size); > + trim_double_dot_url(buf, rel, size); > return; > } > if (base != buf) > @@ -117,19 +164,38 @@ void ff_make_absolute_url(char *buf, int size, const char *base, > /* Is relative path just a new query part? */ > if (rel[0] == '?') { > av_strlcat(buf, rel, size); > + trim_double_dot_url(tmp_path, buf, size); > + memset(buf, 0, size); > + av_strlcpy(buf, tmp_path, size); > return; > } > > + root = p = buf; > + /* Get the path root of the url which start by "://" */ > + if (p && strstr(p, "://")) { > + sep = strstr(p, "://"); > + if (sep) { > + sep += 3; > + root = strchr(sep, '/'); > + } > + } > + > /* Remove the file name from the base url */ > sep = strrchr(buf, '/'); > + if (sep <= root) > + sep = root; > + > if (sep) > sep[1] = '\0'; > else > buf[0] = '\0'; > - while (av_strstart(rel, "../", NULL) && sep) { > + while (av_strstart(rel, "..", NULL) && sep) { > /* Remove the path delimiter at the end */ > - sep[0] = '\0'; > - sep = strrchr(buf, '/'); > + if (sep > root) { > + sep[0] = '\0'; > + sep = strrchr(buf, '/'); > + } > + > /* If the next directory name to pop off is "..", break here */ > if (!strcmp(sep ? &sep[1] : buf, "..")) { > /* Readd the slash we just removed */ > @@ -144,6 +210,9 @@ void ff_make_absolute_url(char *buf, int size, const char *base, > rel += 3; > } > av_strlcat(buf, rel, size); > + trim_double_dot_url(tmp_path, buf, size); > + memset(buf, 0, size); > + av_strlcpy(buf, tmp_path, size); > } > > AVIODirEntry *ff_alloc_dir_entry(void) > diff --git a/tests/ref/fate/url b/tests/ref/fate/url > index 980b2ce1f9..533ba2cb1e 100644 > --- a/tests/ref/fate/url > +++ b/tests/ref/fate/url > @@ -3,6 +3,7 @@ Testing ff_make_absolute_url: > /foo/bar baz => /foo/baz > /foo/bar ../baz => /baz > /foo/bar /baz => /baz > + /foo/bar ../../../baz => /baz > http://server/foo/ baz => http://server/foo/baz > http://server/foo/bar baz => http://server/foo/baz > http://server/foo/ ../baz => http://server/baz > @@ -12,6 +13,10 @@ Testing ff_make_absolute_url: > http://server/foo/bar?param=value/with/slashes /baz => http://server/baz > http://server/foo/bar?param&otherparam ?someparam => http://server/foo/bar?someparam > http://server/foo/bar //other/url => http://other/url > + http://server/foo/bar ../../../../../other/url => http://server/other/url > + http://server/foo/bar /../../../../../other/url => http://server/other/url > + http://server/foo/bar /test/../../../../../other/url => http://server/other/url > + http://server/foo/bar /test/../../test/../../../other/url => http://server/other/url > > Testing av_url_split: > /foo/bar => -1 /foo/bar > -- > 2.25.0 > ping Thanks Steven Liu
Steven Liu (12020-04-29): > fix ticket: 8625 > and add testcase into url for double dot corner case > > Signed-off-by: Steven Liu <lq@chinaffmpeg.org> > --- > libavformat/tests/url.c | 5 +++ > libavformat/url.c | 77 ++++++++++++++++++++++++++++++++++++++--- > tests/ref/fate/url | 5 +++ > 3 files changed, 83 insertions(+), 4 deletions(-) I do not have any objection to this version, but I do not maintain that code, nor do I know it very well. Regards,
diff --git a/libavformat/tests/url.c b/libavformat/tests/url.c index 5e484fd428..1d961a1b43 100644 --- a/libavformat/tests/url.c +++ b/libavformat/tests/url.c @@ -56,6 +56,7 @@ int main(void) test("/foo/bar", "baz"); test("/foo/bar", "../baz"); test("/foo/bar", "/baz"); + test("/foo/bar", "../../../baz"); test("http://server/foo/", "baz"); test("http://server/foo/bar", "baz"); test("http://server/foo/", "../baz"); @@ -65,6 +66,10 @@ int main(void) test("http://server/foo/bar?param=value/with/slashes", "/baz"); test("http://server/foo/bar?param&otherparam", "?someparam"); test("http://server/foo/bar", "//other/url"); + test("http://server/foo/bar", "../../../../../other/url"); + test("http://server/foo/bar", "/../../../../../other/url"); + test("http://server/foo/bar", "/test/../../../../../other/url"); + test("http://server/foo/bar", "/test/../../test/../../../other/url"); printf("\nTesting av_url_split:\n"); test2("/foo/bar"); diff --git a/libavformat/url.c b/libavformat/url.c index 596fb49cfc..7cd9e0c705 100644 --- a/libavformat/url.c +++ b/libavformat/url.c @@ -21,6 +21,7 @@ #include "avformat.h" +#include "internal.h" #include "config.h" #include "url.h" #if CONFIG_NETWORK @@ -77,10 +78,53 @@ int ff_url_join(char *str, int size, const char *proto, return strlen(str); } +static void trim_double_dot_url(char *buf, const char *rel, int size) +{ + const char *p = rel; + const char *root = rel; + char tmp_path[MAX_URL_SIZE] = {0, }; + char *sep; + char *node; + + /* Get the path root of the url which start by "://" */ + if (p && (sep = strstr(p, "://"))) { + sep += 3; + root = strchr(sep, '/'); + } + + /* set new current position if the root node is changed */ + p = root; + while (p && (node = strstr(p, ".."))) { + av_strlcat(tmp_path, p, node - p + strlen(tmp_path)); + p = node + 3; + sep = strrchr(tmp_path, '/'); + if (sep) + sep[0] = '\0'; + else + tmp_path[0] = '\0'; + } + + if (!av_stristart(p, "/", NULL) && root != rel) + av_strlcat(tmp_path, "/", size); + + av_strlcat(tmp_path, p, size); + /* start set buf after temp path process. */ + av_strlcpy(buf, rel, root - rel + 1); + + if (!av_stristart(tmp_path, "/", NULL) && root != rel) + av_strlcat(buf, "/", size); + + av_strlcat(buf, tmp_path, size); +} + void ff_make_absolute_url(char *buf, int size, const char *base, const char *rel) { char *sep, *path_query; + char *root, *p; + char tmp_path[MAX_URL_SIZE]; + + memset(tmp_path, 0, sizeof(tmp_path)); /* Absolute path, relative to the current server */ if (base && strstr(base, "://") && rel[0] == '/') { if (base != buf) @@ -99,11 +143,14 @@ void ff_make_absolute_url(char *buf, int size, const char *base, } } av_strlcat(buf, rel, size); + trim_double_dot_url(tmp_path, buf, size); + memset(buf, 0, size); + av_strlcpy(buf, tmp_path, size); return; } /* If rel actually is an absolute url, just copy it */ if (!base || strstr(rel, "://") || rel[0] == '/') { - av_strlcpy(buf, rel, size); + trim_double_dot_url(buf, rel, size); return; } if (base != buf) @@ -117,19 +164,38 @@ void ff_make_absolute_url(char *buf, int size, const char *base, /* Is relative path just a new query part? */ if (rel[0] == '?') { av_strlcat(buf, rel, size); + trim_double_dot_url(tmp_path, buf, size); + memset(buf, 0, size); + av_strlcpy(buf, tmp_path, size); return; } + root = p = buf; + /* Get the path root of the url which start by "://" */ + if (p && strstr(p, "://")) { + sep = strstr(p, "://"); + if (sep) { + sep += 3; + root = strchr(sep, '/'); + } + } + /* Remove the file name from the base url */ sep = strrchr(buf, '/'); + if (sep <= root) + sep = root; + if (sep) sep[1] = '\0'; else buf[0] = '\0'; - while (av_strstart(rel, "../", NULL) && sep) { + while (av_strstart(rel, "..", NULL) && sep) { /* Remove the path delimiter at the end */ - sep[0] = '\0'; - sep = strrchr(buf, '/'); + if (sep > root) { + sep[0] = '\0'; + sep = strrchr(buf, '/'); + } + /* If the next directory name to pop off is "..", break here */ if (!strcmp(sep ? &sep[1] : buf, "..")) { /* Readd the slash we just removed */ @@ -144,6 +210,9 @@ void ff_make_absolute_url(char *buf, int size, const char *base, rel += 3; } av_strlcat(buf, rel, size); + trim_double_dot_url(tmp_path, buf, size); + memset(buf, 0, size); + av_strlcpy(buf, tmp_path, size); } AVIODirEntry *ff_alloc_dir_entry(void) diff --git a/tests/ref/fate/url b/tests/ref/fate/url index 980b2ce1f9..533ba2cb1e 100644 --- a/tests/ref/fate/url +++ b/tests/ref/fate/url @@ -3,6 +3,7 @@ Testing ff_make_absolute_url: /foo/bar baz => /foo/baz /foo/bar ../baz => /baz /foo/bar /baz => /baz + /foo/bar ../../../baz => /baz http://server/foo/ baz => http://server/foo/baz http://server/foo/bar baz => http://server/foo/baz http://server/foo/ ../baz => http://server/baz @@ -12,6 +13,10 @@ Testing ff_make_absolute_url: http://server/foo/bar?param=value/with/slashes /baz => http://server/baz http://server/foo/bar?param&otherparam ?someparam => http://server/foo/bar?someparam http://server/foo/bar //other/url => http://other/url + http://server/foo/bar ../../../../../other/url => http://server/other/url + http://server/foo/bar /../../../../../other/url => http://server/other/url + http://server/foo/bar /test/../../../../../other/url => http://server/other/url + http://server/foo/bar /test/../../test/../../../other/url => http://server/other/url Testing av_url_split: /foo/bar => -1 /foo/bar
fix ticket: 8625 and add testcase into url for double dot corner case Signed-off-by: Steven Liu <lq@chinaffmpeg.org> --- libavformat/tests/url.c | 5 +++ libavformat/url.c | 77 ++++++++++++++++++++++++++++++++++++++--- tests/ref/fate/url | 5 +++ 3 files changed, 83 insertions(+), 4 deletions(-)