diff mbox series

[FFmpeg-devel,1/2] avformat/url: check double dot is not directory

Message ID 20200724142137.77212-1-lq@chinaffmpeg.org
State New
Headers show
Series [FFmpeg-devel,1/2] avformat/url: check double dot is not directory
Related show

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Steven Liu July 24, 2020, 2:21 p.m. UTC
fix ticket: 8814
if get double dot in the url, check next byte by double dot,
it there have no '/', it is not directory double dot

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
---
 libavformat/url.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Marton Balint July 24, 2020, 2:34 p.m. UTC | #1
On Fri, 24 Jul 2020, Steven Liu wrote:

> fix ticket: 8814
> if get double dot in the url, check next byte by double dot,
> it there have no '/', it is not directory double dot

And what about previous byte? E.g.: http://ffmpeg.org/dummy../dummy

Regards,
Marton

>
> Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
> ---
> libavformat/url.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/libavformat/url.c b/libavformat/url.c
> index 20463a6674..92cb4ea116 100644
> --- a/libavformat/url.c
> +++ b/libavformat/url.c
> @@ -97,6 +97,10 @@ static void trim_double_dot_url(char *buf, const char *rel, int size)
>     /* set new current position if the root node is changed */
>     p = root;
>     while (p && (node = strstr(p, ".."))) {
> +        if (node[2] != '/') {
> +            av_strlcpy(buf, rel, size);;
> +            return;
> +        }
>         av_strlcat(tmp_path, p, node - p + strlen(tmp_path));
>         p = node + 3;
>         sep = strrchr(tmp_path, '/');
> -- 
> 2.25.0
>
>
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
Andreas Rheinhardt July 24, 2020, 3:25 p.m. UTC | #2
Steven Liu:
> fix ticket: 8814
> if get double dot in the url, check next byte by double dot,
> it there have no '/', it is not directory double dot
> 
> Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
> ---
>  libavformat/url.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/libavformat/url.c b/libavformat/url.c
> index 20463a6674..92cb4ea116 100644
> --- a/libavformat/url.c
> +++ b/libavformat/url.c
> @@ -97,6 +97,10 @@ static void trim_double_dot_url(char *buf, const char *rel, int size)
>      /* set new current position if the root node is changed */
>      p = root;
>      while (p && (node = strstr(p, ".."))) {
> +        if (node[2] != '/') {
> +            av_strlcpy(buf, rel, size);;

double ;

> +            return;
> +        }

A url that contains a .. that does not mean "parent folder" can
nevertheless contain a .. meaning "parent folder" lateron, so I don't
think you can simply return here.

>          av_strlcat(tmp_path, p, node - p + strlen(tmp_path));
>          p = node + 3;
>          sep = strrchr(tmp_path, '/');
>
diff mbox series

Patch

diff --git a/libavformat/url.c b/libavformat/url.c
index 20463a6674..92cb4ea116 100644
--- a/libavformat/url.c
+++ b/libavformat/url.c
@@ -97,6 +97,10 @@  static void trim_double_dot_url(char *buf, const char *rel, int size)
     /* set new current position if the root node is changed */
     p = root;
     while (p && (node = strstr(p, ".."))) {
+        if (node[2] != '/') {
+            av_strlcpy(buf, rel, size);;
+            return;
+        }
         av_strlcat(tmp_path, p, node - p + strlen(tmp_path));
         p = node + 3;
         sep = strrchr(tmp_path, '/');