[FFmpeg-cvslog] avformat/hls: More strict url checks
    Michael Niedermayer 
    git at videolan.org
       
    Fri Jan 15 17:51:16 CET 2016
    
    
  
ffmpeg | branch: release/2.5 | Michael Niedermayer <michael at niedermayer.cc> | Fri Jan 15 13:29:38 2016 +0100| [8d5060192cf2bdd9e504e640bc5aafee3a04b99b] | committer: Michael Niedermayer
avformat/hls: More strict url checks
No case is known where these are needed
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6ba42b6482c725a59eb468391544dc0c75b8c6f0)
Conflicts:
	libavformat/hls.c
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
Conflicts:
	libavformat/hls.c
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8d5060192cf2bdd9e504e640bc5aafee3a04b99b
---
 libavformat/hls.c |   27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/libavformat/hls.c b/libavformat/hls.c
index 1bd4678..de40b6d 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -900,6 +900,20 @@ static void intercept_id3(struct playlist *pls, uint8_t *buf,
         pls->is_id3_timestamped = (pls->id3_mpegts_timestamp != AV_NOPTS_VALUE);
 }
 
+
+static int check_url(const char *url) {
+    const char *proto_name = avio_find_protocol_name(url);
+    if (!av_strstart(proto_name, "http", NULL) && !av_strstart(proto_name, "file", NULL))
+        return AVERROR_INVALIDDATA;
+
+    if (!strncmp(proto_name, url, strlen(proto_name)) && url[strlen(proto_name)] == ':')
+        return 0;
+    else if (strcmp(proto_name, "file") || !strcmp(url, "file,"))
+        return AVERROR_INVALIDDATA;
+
+    return 0;
+}
+
 static int open_input(HLSContext *c, struct playlist *pls)
 {
     AVDictionary *opts = NULL;
@@ -927,11 +941,9 @@ static int open_input(HLSContext *c, struct playlist *pls)
            seg->url, seg->url_offset, pls->index);
 
     if (seg->key_type == KEY_NONE) {
-        const char *proto_name = avio_find_protocol_name(seg->url);
-        if (!av_strstart(proto_name, "http", NULL) && !av_strstart(proto_name, "file", NULL)) {
-            ret = AVERROR_INVALIDDATA;
+        ret = check_url(seg->url);
+        if (ret < 0)
             goto cleanup;
-        }
 
         ret = ffurl_open(&pls->input, seg->url, AVIO_FLAG_READ,
                           &pls->parent->interrupt_callback, &opts);
@@ -940,11 +952,10 @@ static int open_input(HLSContext *c, struct playlist *pls)
         char iv[33], key[33], url[MAX_URL_SIZE];
         if (strcmp(seg->key, pls->key_url)) {
             URLContext *uc;
-            const char *proto_name = avio_find_protocol_name(seg->key);
-            if (!av_strstart(proto_name, "http", NULL) && !av_strstart(proto_name, "file", NULL)) {
-                ret = AVERROR_INVALIDDATA;
+            ret = check_url(seg->key);
+            if (ret < 0)
                 goto cleanup;
-            }
+
             if (ffurl_open(&uc, seg->key, AVIO_FLAG_READ,
                            &pls->parent->interrupt_callback, &opts2) == 0) {
                 if (ffurl_read_complete(uc, pls->key, sizeof(pls->key))
    
    
More information about the ffmpeg-cvslog
mailing list