[FFmpeg-devel] [PATCH] fftools/ffmpeg_ffplay_ffprobe_cmdutils: add -mask_url to replace the protocol address in the command with the asterisk (*)
Wujian(Chin)
wujian2 at huawei.com
Mon Dec 26 15:07:51 EET 2022
The issue has been modified. Please review again, thank you!
Signed-off-by: wujian_nanjing <wujian2 at huawei.com>
---
doc/fftools-common-opts.texi | 11 +++++++
fftools/cmdutils.c | 77 ++++++++++++++++++++++++++++++++++++++++++--
fftools/cmdutils.h | 25 ++++++++++++++
fftools/ffmpeg.c | 10 +++---
fftools/ffplay.c | 9 ++++--
fftools/ffprobe.c | 10 +++---
6 files changed, 128 insertions(+), 14 deletions(-)
diff --git a/doc/fftools-common-opts.texi b/doc/fftools-common-opts.texi
index d914570..724c028 100644
--- a/doc/fftools-common-opts.texi
+++ b/doc/fftools-common-opts.texi
@@ -363,6 +363,17 @@ for testing. Do not use it unless you know what you're doing.
ffmpeg -cpucount 2
@end example
+ at item -mask_url -i @var{url} (@emph{output})
+If the protocol address contains the user name and password, the ps -ef
+command exposes plaintext. You can add the -mask_url parameter option is
+added to replace the protocol address in the command line with the
+asterisk (*). Because other users can run the ps -ef command to view sensitive
+information such as the user name and password in the protocol address,
+which is insecure.
+ at example
+ffmpeg -mask_url -i rtsp://username:password-ip:port/stream/test
+ at end example
+
@item -max_alloc @var{bytes}
Set the maximum size limit for allocating a block on the heap by ffmpeg's
family of malloc functions. Exercise @strong{extreme caution} when using
diff --git a/fftools/cmdutils.c b/fftools/cmdutils.c
index a1de621..0f80910 100644
--- a/fftools/cmdutils.c
+++ b/fftools/cmdutils.c
@@ -61,6 +61,74 @@ AVDictionary *format_opts, *codec_opts;
int hide_banner = 0;
+void mask_param(int argc, char **argv)
+{
+ int i, j;
+ for (i = 1; i < argc; i++) {
+ char *match = strstr(argv[i], "://");
+ if (match) {
+ int total = strlen(argv[i]);
+ for (j = 0; j < total; j++) {
+ argv[i][j] = '*';
+ }
+ }
+ }
+}
+
+char **copy_argv(int argc, char **argv)
+{
+ char **argv_copy;
+ argv_copy = av_mallocz(argc * sizeof(char *));
+ if (!argv_copy) {
+ av_log(NULL, AV_LOG_FATAL, "argv_copy malloc failed\n");
+ exit_program(1);
+ }
+
+ for (int i = 0; i < argc; i++) {
+ int length = strlen(argv[i]) + 1;
+ argv_copy[i] = av_mallocz(length * sizeof(*argv_copy));
+ if (!argv_copy[i]) {
+ av_log(NULL, AV_LOG_FATAL, "argv_copy[%d] malloc failed\n", i);
+ exit_program(1);
+ }
+ memcpy(argv_copy[i], argv[i], length);
+ }
+ return argv_copy;
+}
+
+char **handle_arg_param(int argc, int mask_flag, char **argv)
+{
+ char **argv_copy;
+ argv_copy = copy_argv(argc, argv);
+ if (mask_flag)
+ mask_param(argc, argv);
+ return argv_copy;
+}
+
+int get_mask_flag(int *argc, char ***argv)
+{
+ for (int i = 1; i < *argc; i++) {
+ if (strcmp((*argv)[i], "-mask_url")) {
+ continue;
+ }
+
+ for (int j = i + 1; j < *argc; j++) {
+ (*argv)[j - 1] = (*argv)[j];
+ }
+ (*argc)--;
+ return 1;
+ }
+
+ return 0;
+}
+
+void free_argv_copy(int argc, char **argv)
+{
+ for (int i = 0; i < argc; i++)
+ av_free(argv[i]);
+ av_free(argv);
+}
+
void uninit_opts(void)
{
av_dict_free(&swr_opts);
@@ -215,13 +283,16 @@ static void prepare_app_arguments(int *argc_ptr, char ***argv_ptr)
if (win32_argv_utf8) {
*argc_ptr = win32_argc;
*argv_ptr = win32_argv_utf8;
+ get_mask_flag(argc_ptr, argv_ptr);
return;
}
win32_argc = 0;
argv_w = CommandLineToArgvW(GetCommandLineW(), &win32_argc);
- if (win32_argc <= 0 || !argv_w)
+ if (win32_argc <= 0 || !argv_w) {
+ get_mask_flag(argc_ptr, argv_ptr);
return;
+ }
/* determine the UTF-8 buffer size (including NULL-termination symbols) */
for (i = 0; i < win32_argc; i++)
@@ -232,6 +303,7 @@ static void prepare_app_arguments(int *argc_ptr, char ***argv_ptr)
argstr_flat = (char *)win32_argv_utf8 + sizeof(char *) * (win32_argc + 1);
if (!win32_argv_utf8) {
LocalFree(argv_w);
+ get_mask_flag(argc_ptr, argv_ptr);
return;
}
@@ -246,6 +318,7 @@ static void prepare_app_arguments(int *argc_ptr, char ***argv_ptr)
*argc_ptr = win32_argc;
*argv_ptr = win32_argv_utf8;
+ get_mask_flag(argc_ptr, argv_ptr);
}
#else
static inline void prepare_app_arguments(int *argc_ptr, char ***argv_ptr)
@@ -696,10 +769,8 @@ int split_commandline(OptionParseContext *octx, int argc, char *argv[],
{
int optindex = 1;
int dashdash = -2;
-
/* perform system-dependent conversions for arguments list */
prepare_app_arguments(&argc, &argv);
-
init_parse_context(octx, groups, nb_groups);
av_log(NULL, AV_LOG_DEBUG, "Splitting the commandline.\n");
diff --git a/fftools/cmdutils.h b/fftools/cmdutils.h
index 4496221..08c4da7 100644
--- a/fftools/cmdutils.h
+++ b/fftools/cmdutils.h
@@ -50,6 +50,31 @@ extern AVDictionary *format_opts, *codec_opts;
extern int hide_banner;
/**
+ * Using to mask sensitive info.
+ */
+void mask_param(int argc, char **argv);
+
+/**
+ * Using to copy ori argv.
+ */
+char **copy_argv(int argc, char **argv);
+
+/**
+ * Handle argv and argv_copy.
+ */
+char **handle_arg_param(int argc, int mask_flag, char **argv);
+
+/**
+ * Get mask flag.
+ */
+int get_mask_flag(int *argc, char ***argv);
+
+/**
+ * Free argv.
+ */
+void free_argv_copy(int argc, char **argv);
+
+/**
* Register a program-specific cleanup routine.
*/
void register_exit(void (*cb)(int ret));
diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c
index 881d6f0..d16eb36 100644
--- a/fftools/ffmpeg.c
+++ b/fftools/ffmpeg.c
@@ -3865,9 +3865,9 @@ static int64_t getmaxrss(void)
int main(int argc, char **argv)
{
- int ret;
+ int ret, mask_flag;
BenchmarkTimeStamps ti;
-
+ char **argv_copy;
init_dynload();
register_exit(ffmpeg_cleanup);
@@ -3877,15 +3877,16 @@ int main(int argc, char **argv)
av_log_set_flags(AV_LOG_SKIP_REPEATED);
parse_loglevel(argc, argv, options);
+ mask_flag = get_mask_flag(&argc, &argv);
#if CONFIG_AVDEVICE
avdevice_register_all();
#endif
avformat_network_init();
show_banner(argc, argv, options);
-
+ argv_copy = handle_arg_param(argc, mask_flag, argv);
/* parse options and open all input/output files */
- ret = ffmpeg_parse_options(argc, argv);
+ ret = ffmpeg_parse_options(argc, argv_copy);
if (ret < 0)
exit_program(1);
@@ -3920,5 +3921,6 @@ int main(int argc, char **argv)
exit_program(69);
exit_program(received_nb_signals ? 255 : main_return_code);
+ free_argv_copy(argc, argv_copy);
return main_return_code;
}
diff --git a/fftools/ffplay.c b/fftools/ffplay.c
index fc7e1c2..559e417 100644
--- a/fftools/ffplay.c
+++ b/fftools/ffplay.c
@@ -3663,10 +3663,12 @@ void show_help_default(const char *opt, const char *arg)
/* Called from the main */
int main(int argc, char **argv)
{
- int flags;
+ int flags, mask_flag;
+ char **argv_copy;
VideoState *is;
init_dynload();
+ mask_flag = get_mask_flag(&argc, &argv);
av_log_set_flags(AV_LOG_SKIP_REPEATED);
parse_loglevel(argc, argv, options);
@@ -3682,7 +3684,8 @@ int main(int argc, char **argv)
show_banner(argc, argv, options);
- parse_options(NULL, argc, argv, options, opt_input_file);
+ argv_copy = handle_arg_param(argc, mask_flag, argv);
+ parse_options(NULL, argc, argv_copy, options, opt_input_file);
if (!input_filename) {
show_usage();
@@ -3759,6 +3762,6 @@ int main(int argc, char **argv)
event_loop(is);
/* never returns */
-
+ free_argv_copy(argc, argv_copy);
return 0;
}
diff --git a/fftools/ffprobe.c b/fftools/ffprobe.c
index d2f126d..49375bd 100644
--- a/fftools/ffprobe.c
+++ b/fftools/ffprobe.c
@@ -4035,9 +4035,10 @@ int main(int argc, char **argv)
WriterContext *wctx;
char *buf;
char *w_name = NULL, *w_args = NULL;
- int ret, input_ret, i;
-
+ int ret, input_ret, i, mask_flag;
+ char **argv_copy;
init_dynload();
+ mask_flag = get_mask_flag(&argc, &argv);
#if HAVE_THREADS
ret = pthread_mutex_init(&log_mutex, NULL);
@@ -4056,8 +4057,8 @@ int main(int argc, char **argv)
#endif
show_banner(argc, argv, options);
- parse_options(NULL, argc, argv, options, opt_input_file);
-
+ argv_copy = handle_arg_param(argc, mask_flag, argv);
+ parse_options(NULL, argc, argv_copy, options, opt_input_file);
if (do_show_log)
av_log_set_callback(log_callback);
@@ -4173,6 +4174,7 @@ end:
av_freep(&print_format);
av_freep(&read_intervals);
av_hash_freep(&hash);
+ free_argv_copy(argc, argv_copy);
uninit_opts();
for (i = 0; i < FF_ARRAY_ELEMS(sections); i++)
--
2.7.4
More information about the ffmpeg-devel
mailing list