[FFmpeg-devel] [PATCH v5] avformat/url: check url root node when rel include double dot and trim double dot

Steven Liu lq at chinaffmpeg.org
Sat May 2 05:01:40 EEST 2020 


> 2020年4月29日 下午12:50,Steven Liu <lq at chinaffmpeg.org> 写道:
> 
> fix ticket: 8625
> and add testcase into url for double dot corner case
> 
> Signed-off-by: Steven Liu <lq at chinaffmpeg.org>
> ---
> libavformat/tests/url.c |  5 +++
> libavformat/url.c       | 77 ++++++++++++++++++++++++++++++++++++++---
> tests/ref/fate/url      |  5 +++
> 3 files changed, 83 insertions(+), 4 deletions(-)
> 
> diff --git a/libavformat/tests/url.c b/libavformat/tests/url.c
> index 5e484fd428..1d961a1b43 100644
> --- a/libavformat/tests/url.c
> +++ b/libavformat/tests/url.c
> @@ -56,6 +56,7 @@ int main(void)
>     test("/foo/bar", "baz");
>     test("/foo/bar", "../baz");
>     test("/foo/bar", "/baz");
> +    test("/foo/bar", "../../../baz");
>     test("http://server/foo/", "baz");
>     test("http://server/foo/bar", "baz");
>     test("http://server/foo/", "../baz");
> @@ -65,6 +66,10 @@ int main(void)
>     test("http://server/foo/bar?param=value/with/slashes", "/baz");
>     test("http://server/foo/bar?param&otherparam", "?someparam");
>     test("http://server/foo/bar", "//other/url");
> +    test("http://server/foo/bar", "../../../../../other/url");
> +    test("http://server/foo/bar", "/../../../../../other/url");
> +    test("http://server/foo/bar", "/test/../../../../../other/url");
> +    test("http://server/foo/bar", "/test/../../test/../../../other/url");
> 
>     printf("\nTesting av_url_split:\n");
>     test2("/foo/bar");
> diff --git a/libavformat/url.c b/libavformat/url.c
> index 596fb49cfc..7cd9e0c705 100644
> --- a/libavformat/url.c
> +++ b/libavformat/url.c
> @@ -21,6 +21,7 @@
> 
> 
> #include "avformat.h"
> +#include "internal.h"
> #include "config.h"
> #include "url.h"
> #if CONFIG_NETWORK
> @@ -77,10 +78,53 @@ int ff_url_join(char *str, int size, const char *proto,
>     return strlen(str);
> }
> 
> +static void trim_double_dot_url(char *buf, const char *rel, int size)
> +{
> +    const char *p = rel;
> +    const char *root = rel;
> +    char tmp_path[MAX_URL_SIZE] = {0, };
> +    char *sep;
> +    char *node;
> +
> +    /* Get the path root of the url which start by "://" */
> +    if (p && (sep = strstr(p, "://"))) {
> +        sep += 3;
> +        root = strchr(sep, '/');
> +    }
> +
> +    /* set new current position if the root node is changed */
> +    p = root;
> +    while (p && (node = strstr(p, ".."))) {
> +        av_strlcat(tmp_path, p, node - p + strlen(tmp_path));
> +        p = node + 3;
> +        sep = strrchr(tmp_path, '/');
> +        if (sep)
> +            sep[0] = '\0';
> +        else
> +            tmp_path[0] = '\0';
> +    }
> +
> +    if (!av_stristart(p, "/", NULL) && root != rel)
> +        av_strlcat(tmp_path, "/", size);
> +
> +    av_strlcat(tmp_path, p, size);
> +    /* start set buf after temp path process. */
> +    av_strlcpy(buf, rel, root - rel + 1);
> +
> +    if (!av_stristart(tmp_path, "/", NULL) && root != rel)
> +        av_strlcat(buf, "/", size);
> +
> +    av_strlcat(buf, tmp_path, size);
> +}
> +
> void ff_make_absolute_url(char *buf, int size, const char *base,
>                           const char *rel)
> {
>     char *sep, *path_query;
> +    char *root, *p;
> +    char tmp_path[MAX_URL_SIZE];
> +
> +    memset(tmp_path, 0, sizeof(tmp_path));
>     /* Absolute path, relative to the current server */
>     if (base && strstr(base, "://") && rel[0] == '/') {
>         if (base != buf)
> @@ -99,11 +143,14 @@ void ff_make_absolute_url(char *buf, int size, const char *base,
>             }
>         }
>         av_strlcat(buf, rel, size);
> +        trim_double_dot_url(tmp_path, buf, size);
> +        memset(buf, 0, size);
> +        av_strlcpy(buf, tmp_path, size);
>         return;
>     }
>     /* If rel actually is an absolute url, just copy it */
>     if (!base || strstr(rel, "://") || rel[0] == '/') {
> -        av_strlcpy(buf, rel, size);
> +        trim_double_dot_url(buf, rel, size);
>         return;
>     }
>     if (base != buf)
> @@ -117,19 +164,38 @@ void ff_make_absolute_url(char *buf, int size, const char *base,
>     /* Is relative path just a new query part? */
>     if (rel[0] == '?') {
>         av_strlcat(buf, rel, size);
> +        trim_double_dot_url(tmp_path, buf, size);
> +        memset(buf, 0, size);
> +        av_strlcpy(buf, tmp_path, size);
>         return;
>     }
> 
> +    root = p = buf;
> +    /* Get the path root of the url which start by "://" */
> +    if (p && strstr(p, "://")) {
> +        sep = strstr(p, "://");
> +        if (sep) {
> +            sep += 3;
> +            root = strchr(sep, '/');
> +        }
> +    }
> +
>     /* Remove the file name from the base url */
>     sep = strrchr(buf, '/');
> +    if (sep <= root)
> +        sep = root;
> +
>     if (sep)
>         sep[1] = '\0';
>     else
>         buf[0] = '\0';
> -    while (av_strstart(rel, "../", NULL) && sep) {
> +    while (av_strstart(rel, "..", NULL) && sep) {
>         /* Remove the path delimiter at the end */
> -        sep[0] = '\0';
> -        sep = strrchr(buf, '/');
> +        if (sep > root) {
> +            sep[0] = '\0';
> +            sep = strrchr(buf, '/');
> +        }
> +
>         /* If the next directory name to pop off is "..", break here */
>         if (!strcmp(sep ? &sep[1] : buf, "..")) {
>             /* Readd the slash we just removed */
> @@ -144,6 +210,9 @@ void ff_make_absolute_url(char *buf, int size, const char *base,
>         rel += 3;
>     }
>     av_strlcat(buf, rel, size);
> +    trim_double_dot_url(tmp_path, buf, size);
> +    memset(buf, 0, size);
> +    av_strlcpy(buf, tmp_path, size);
> }
> 
> AVIODirEntry *ff_alloc_dir_entry(void)
> diff --git a/tests/ref/fate/url b/tests/ref/fate/url
> index 980b2ce1f9..533ba2cb1e 100644
> --- a/tests/ref/fate/url
> +++ b/tests/ref/fate/url
> @@ -3,6 +3,7 @@ Testing ff_make_absolute_url:
>                                           /foo/bar baz                  => /foo/baz
>                                           /foo/bar ../baz               => /baz
>                                           /foo/bar /baz                 => /baz
> +                                          /foo/bar ../../../baz         => /baz
>                                 http://server/foo/ baz                  => http://server/foo/baz
>                              http://server/foo/bar baz                  => http://server/foo/baz
>                                 http://server/foo/ ../baz               => http://server/baz
> @@ -12,6 +13,10 @@ Testing ff_make_absolute_url:
>     http://server/foo/bar?param=value/with/slashes /baz                 => http://server/baz
>             http://server/foo/bar?param&otherparam ?someparam           => http://server/foo/bar?someparam
>                              http://server/foo/bar //other/url          => http://other/url
> +                             http://server/foo/bar ../../../../../other/url => http://server/other/url
> +                             http://server/foo/bar /../../../../../other/url => http://server/other/url
> +                             http://server/foo/bar /test/../../../../../other/url => http://server/other/url
> +                             http://server/foo/bar /test/../../test/../../../other/url => http://server/other/url
> 
> Testing av_url_split:
> /foo/bar                                                     =>                                                    -1 /foo/bar
> -- 
> 2.25.0
> 

ping

Thanks

Steven Liu

More information about the ffmpeg-devel mailing list