[FFmpeg-devel] [PATCH v2 1/2] avformat/url: check double dot is not to parent directory

Zlomek, Josef josef at pex.com
Sun Jul 26 09:38:42 EEST 2020 

I will submit patch on monday.

Josef

On Sat, Jul 25, 2020 at 8:27 AM 刘歧 <lq at chinaffmpeg.org> wrote:

>
>
> 在 2020/7/25 下午2:11,“ffmpeg-devel 代表 Zlomek, Josef”<
> ffmpeg-devel-bounces at ffmpeg.org 代表 josef at pex.com> 写入:
>
>     Hi Steven,
>
>     It is better but still not correct. Consider this test:
>
>     test("http://server/foo/bar",
>     "a/b/../c/d/../e../.../..f/g../h../other/url/a.mp3/...");
>     It should give "
>     http://server/foo/bar/a/c/e../.../..f/g../h../other/url/a.mp3/...".
>
>     I think the best would be to use strtok(p, "/") to split the path into
> the
>     components and for each ".." component remove the previous one (if
> there
>     are some still).
> I think you can submit patch if you have full idea for it.
>
>     Best regards,
>     Josef
>
>     On Sat, Jul 25, 2020 at 4:45 AM Steven Liu <lq at chinaffmpeg.org> wrote:
>
>     > fix ticket: 8814
>     > if get ".." in the url, check next byte and lead byte by double dot,
>     > it there have no '/' and not root node, it is not used go to
> directory ".."
>     >
>     > Signed-off-by: Steven Liu <lq at chinaffmpeg.org>
>     > ---
>     >  libavformat/url.c | 12 ++++++++++++
>     >  1 file changed, 12 insertions(+)
>     >
>     > diff --git a/libavformat/url.c b/libavformat/url.c
>     > index 20463a6674..35f27fe3ca 100644
>     > --- a/libavformat/url.c
>     > +++ b/libavformat/url.c
>     > @@ -97,6 +97,18 @@ static void trim_double_dot_url(char *buf, const
> char
>     > *rel, int size)
>     >      /* set new current position if the root node is changed */
>     >      p = root;
>     >      while (p && (node = strstr(p, ".."))) {
>     > +        if (strlen(node) > 2 && node[2] != '/') {
>     > +            node = strstr(node + 1, "..");
>     > +            if (!node)
>     > +                break;
>     > +        }
>     > +
>     > +        if (p != node && p[node - p - 1] != '/') {
>     > +            node = strstr(node + 1, "..");
>     > +            if (!node)
>     > +                break;
>     > +        }
>     > +
>     >          av_strlcat(tmp_path, p, node - p + strlen(tmp_path));
>     >          p = node + 3;
>     >          sep = strrchr(tmp_path, '/');
>     > --
>     > 2.25.0
>     >
>     >
>     >
>     >
>     > _______________________________________________
>     > ffmpeg-devel mailing list
>     > ffmpeg-devel at ffmpeg.org
>     > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>     >
>     > To unsubscribe, visit link above, or email
>     > ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
>
>
>
>     --
>     Josef Zlomek
>     _______________________________________________
>     ffmpeg-devel mailing list
>     ffmpeg-devel at ffmpeg.org
>     https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
>     To unsubscribe, visit link above, or email
>     ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
>
>
>
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".



-- 
Josef Zlomek

More information about the ffmpeg-devel mailing list