diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2016-01-15 13:29:38 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2016-01-15 16:00:32 +0100 |
| commit | 123d356829d6d72f75c820a184fee3dc7086dde0 (patch) | |
| tree | 965ee04c5fab931a1c058522bc8f670724c54284 | |
| parent | 119659b759a6840d7121340313d06cdc83215d7b (diff) | |
| download | ffmpeg-123d356829d6d72f75c820a184fee3dc7086dde0.tar.gz | |
avformat/hls: More strict url checks
No case is known where these are needed
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ba42b6482c725a59eb468391544dc0c75b8c6f0)
Conflicts:
libavformat/hls.c
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| -rw-r--r-- | libavformat/hls.c | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/libavformat/hls.c b/libavformat/hls.c index e7e323b71b..472e226faa 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -1010,6 +1010,19 @@ static void update_options(char **dest, const char *name, void *src) av_freep(dest); } +static int check_url(const char *url) { + const char *proto_name = avio_find_protocol_name(url); + if (!av_strstart(proto_name, "http", NULL) && !av_strstart(proto_name, "file", NULL)) + return AVERROR_INVALIDDATA; + + if (!strncmp(proto_name, url, strlen(proto_name)) && url[strlen(proto_name)] == ':') + return 0; + else if (strcmp(proto_name, "file") || !strcmp(url, "file,")) + return AVERROR_INVALIDDATA; + + return 0; +} + static int open_input(HLSContext *c, struct playlist *pls, struct segment *seg) { AVDictionary *opts = NULL; @@ -1036,11 +1049,9 @@ static int open_input(HLSContext *c, struct playlist *pls, struct segment *seg) seg->url, seg->url_offset, pls->index); if (seg->key_type == KEY_NONE) { - const char *proto_name = avio_find_protocol_name(seg->url); - if (!av_strstart(proto_name, "http", NULL) && !av_strstart(proto_name, "file", NULL)) { - ret = AVERROR_INVALIDDATA; + ret = check_url(seg->url); + if (ret < 0) goto cleanup; - } ret = ffurl_open(&pls->input, seg->url, AVIO_FLAG_READ, &pls->parent->interrupt_callback, &opts); @@ -1049,11 +1060,10 @@ static int open_input(HLSContext *c, struct playlist *pls, struct segment *seg) char iv[33], key[33], url[MAX_URL_SIZE]; if (strcmp(seg->key, pls->key_url)) { URLContext *uc; - const char *proto_name = avio_find_protocol_name(seg->key); - if (!av_strstart(proto_name, "http", NULL) && !av_strstart(proto_name, "file", NULL)) { - ret = AVERROR_INVALIDDATA; + ret = check_url(seg->key); + if (ret < 0) goto cleanup; - } + if (ffurl_open(&uc, seg->key, AVIO_FLAG_READ, &pls->parent->interrupt_callback, &opts2) == 0) { if (ffurl_read_complete(uc, pls->key, sizeof(pls->key)) |