[FFmpeg-cvslog] hls: disallow opening nested files in child demuxers

Anton Khirnov git at videolan.org
Mon Feb 29 16:52:00 CET 2016


ffmpeg | branch: master | Anton Khirnov <anton at khirnov.net> | Mon Feb 15 14:47:33 2016 +0100| [225e84e74544062706c0159ec0737b0e1d40915f] | committer: Anton Khirnov

hls: disallow opening nested files in child demuxers

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=225e84e74544062706c0159ec0737b0e1d40915f
---

 libavformat/hls.c |   11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/libavformat/hls.c b/libavformat/hls.c
index c370b6e..daee862 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -494,6 +494,16 @@ static int save_avio_options(AVFormatContext *s)
     return ret;
 }
 
+static int nested_io_open(AVFormatContext *s, AVIOContext **pb, const char *url,
+                          int flags, AVDictionary **opts)
+{
+    av_log(s, AV_LOG_ERROR,
+           "A HLS playlist item '%s' referred to an external file '%s'. "
+           "Opening this file was forbidden for security reasons\n",
+           s->filename, url);
+    return AVERROR(EPERM);
+}
+
 static int hls_read_header(AVFormatContext *s)
 {
     HLSContext *c = s->priv_data;
@@ -579,6 +589,7 @@ static int hls_read_header(AVFormatContext *s)
             goto fail;
         }
         v->ctx->pb       = &v->pb;
+        v->ctx->io_open  = nested_io_open;
         v->stream_offset = stream_offset;
         ret = avformat_open_input(&v->ctx, v->segments[0]->url, in_fmt, NULL);
         if (ret < 0)



More information about the ffmpeg-cvslog mailing list