[FFmpeg-devel] [PATCH] avformat/hls: Check local file extensions
Michael Niedermayer
michael at niedermayer.cc
Mon Jun 5 04:08:08 EEST 2017
On Sat, Jun 03, 2017 at 09:20:04PM +0200, Michael Niedermayer wrote:
> This reduces the attack surface of local file-system
> information leaking.
>
> It prevents the existing exploit leading to an information leak. As
> well as similar hypothetical attacks.
>
> Leaks of information from files and symlinks ending in common multimedia extensions
> are still possible. But files with sensitive information like private keys and passwords
> generally do not use common multimedia filename extensions.
> It does not stop leaks via remote addresses in the LAN.
>
> The existing exploit depends on a specific decoder as well.
> It does appear though that the exploit should be possible with any decoder.
> The problem is that as long as sensitive information gets into the decoder,
> the output of the decoder becomes sensitive as well.
> The only obvious solution is to prevent access to sensitive information. Or to
> disable hls or possibly some of its feature. More complex solutions like
> checking the path to limit access to only subdirectories of the hls path may
> work as an alternative. But such solutions are fragile and tricky to implement
> portably and would not stop every possible attack nor would they work with all
> valid hls files.
>
> Developers have expressed their dislike / objected to disabling hls by default as well
> as disabling hls with local files. There also where objections against restricting
> remote url file extensions. This here is a less robust but also lower
> inconvenience solution.
> It can be applied stand alone or together with other solutions.
>
> Found-by: Emil Lerner and Pavel Cheremushkin
> Reported-by: Thierry Foucu <tfoucu at google.com>
>
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavformat/hls.c | 18 +++++++++++++++++-
> 1 file changed, 17 insertions(+), 1 deletion(-)
Applied with the author name joke suggested by nicolas
Thanks
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Let us carefully observe those good qualities wherein our enemies excel us
and endeavor to excel them, by avoiding what is faulty, and imitating what
is excellent in them. -- Plutarch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20170605/c7faf751/attachment.sig>
More information about the ffmpeg-devel
mailing list