[FFmpeg-devel] [PATCH v2 1/2] avformat/url: check double dot is not to parent directory
Marton Balint
cus at passwd.hu
Sat Jul 25 12:40:15 EEST 2020
On Sat, 25 Jul 2020, Zlomek, Josef wrote:
> Hi Steven,
>
> It is better but still not correct. Consider this test:
>
> test("http://server/foo/bar",
> "a/b/../c/d/../e../.../..f/g../h../other/url/a.mp3/...");
> It should give "
> http://server/foo/bar/a/c/e../.../..f/g../h../other/url/a.mp3/...".
>
> I think the best would be to use strtok(p, "/") to split the path into the
> components and for each ".." component remove the previous one (if there
> are some still).
And I also would like to point out that using static strings with
MAX_URL_SIZE is not OK. This function supports an arbitrary buffer size,
so limiting it to MAX_URL_SIZE is a bug.
Regards,
Marton
>
> Best regards,
> Josef
>
> On Sat, Jul 25, 2020 at 4:45 AM Steven Liu <lq at chinaffmpeg.org> wrote:
>
>> fix ticket: 8814
>> If ".." is found in the URL, check the next byte and the leading byte around
>> the double dot; if there is no '/' and it is not the root node, it is not used to go to directory "..".
>>
>> Signed-off-by: Steven Liu <lq at chinaffmpeg.org>
>> ---
>> libavformat/url.c | 12 ++++++++++++
>> 1 file changed, 12 insertions(+)
>>
>> diff --git a/libavformat/url.c b/libavformat/url.c
>> index 20463a6674..35f27fe3ca 100644
>> --- a/libavformat/url.c
>> +++ b/libavformat/url.c
>> @@ -97,6 +97,18 @@ static void trim_double_dot_url(char *buf, const char
>> *rel, int size)
>> /* set new current position if the root node is changed */
>> p = root;
>> while (p && (node = strstr(p, ".."))) {
>> + if (strlen(node) > 2 && node[2] != '/') {
>> + node = strstr(node + 1, "..");
>> + if (!node)
>> + break;
>> + }
>> +
>> + if (p != node && p[node - p - 1] != '/') {
>> + node = strstr(node + 1, "..");
>> + if (!node)
>> + break;
>> + }
>> +
>> av_strlcat(tmp_path, p, node - p + strlen(tmp_path));
>> p = node + 3;
>> sep = strrchr(tmp_path, '/');
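Review bot: In both added if blocks, node is advanced with strstr(node + 1, "..") and the new position is never re-checked, so a skipped match can land on a ".." that is still not a whole path component. For "e../.../" the first check passes (node[2] is '/'), the second check skips because the preceding byte is 'e', and the next match is the first two dots of "...", which then falls through to av_strlcat and p = node + 3 as if it were a parent reference. Suggest repeating both tests after every skip until a match has '/' or a string boundary on both sides, or comparing whole '/'-delimited components against ".." as proposed in the reply above. Separately, when the match is the last component (strlen(node) == 2), the unchanged p = node + 3 points past the terminating NUL; it is worth confirming the loop cannot call strstr(p, "..") again in that state.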
>> --
>> 2.25.0
>>
>>
>>
>>
>> _______________________________________________
>> ffmpeg-devel mailing list
>> ffmpeg-devel at ffmpeg.org
>> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>>
>> To unsubscribe, visit link above, or email
>> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
>
>
>
> --
> Josef Zlomek
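The component-wise approach suggested in the thread, as an added example (not FFmpeg code and not written by anyone in the thread). It uses a manual in-place scan instead of strtok so that it stays reentrant and needs no MAX_URL_SIZE temporary buffer; the function name collapse_dotdot and its keep parameter are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not FFmpeg code: collapse ".." components of a
 * '/'-separated path in place. Only a component that is exactly ".."
 * removes its predecessor; "e..", "..." and "..f" are ordinary names.
 * keep = number of leading bytes that must never be removed (assumed
 * parameter, e.g. 1 for the leading '/'). No temporary buffer is used,
 * so the string may be of any length. */
static char *collapse_dotdot(char *path, size_t keep)
{
    size_t len = strlen(path);
    char *base, *in, *out;

    if (keep > len)
        keep = len;
    base = in = out = path + keep;

    while (*in) {
        size_t n = strcspn(in, "/");      /* length of this component */
        int slash = in[n] == '/';

        if (n == 2 && in[0] == '.' && in[1] == '.') {
            if (out > base) {             /* a previous component is left */
                out--;                    /* step back over its '/' */
                while (out > base && out[-1] != '/')
                    out--;
            }
        } else {
            memmove(out, in, n);          /* out <= in: never overruns */
            out += n;
            if (slash)
                *out++ = '/';
        }
        in += n + slash;
    }
    *out = '\0';
    return path;
}

int main(void)
{
    /* Path part of the test case quoted in the thread. */
    char p[] = "/foo/bar/a/b/../c/d/../e../.../..f/g../h../other/url/a.mp3/...";
    puts(collapse_dotdot(p, 1));
    return 0;
}
```

A ".." with nothing left to remove above the keep boundary is dropped rather than passed through, so the result cannot climb out of the protected prefix.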