[FFmpeg-devel] [PATCH] add av_enable_strict_whitelists()

Michael Niedermayer michaelni at gmx.at
Sat Oct 25 23:32:42 CEST 2014 

On Sat, Oct 25, 2014 at 05:43:00PM -0300, James Almer wrote:
> On 25/10/14 4:51 PM, Michael Niedermayer wrote:
> > diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h
> > index eac3fc7..1000c80 100644
> > --- a/libavcodec/avcodec.h
> > +++ b/libavcodec/avcodec.h
> > @@ -3118,6 +3118,8 @@ typedef struct AVCodecContext {
> >       * If NULL then all are allowed
> >       * - encoding: unused
> >       * - decoding: set by user through AVOPtions (NO direct access)
> > +     *
> > +     * @see av_enable_strict_whitelists()
> >       */
> >      char *codec_whitelist;
> >  } AVCodecContext;
> > @@ -5240,6 +5242,21 @@ const AVCodecDescriptor *avcodec_descriptor_next(const AVCodecDescriptor *prev);
> >  const AVCodecDescriptor *avcodec_descriptor_get_by_name(const char *name);
> >  
> >  /**
> > + * Enables strict whitelists, so that if no whitelist is set nothing will be
> > + * allowed.
> > + * This improves security because when some code forgets to set or forward
> > + * the whitelists it will fail instead of allowing an attacker to access a
> > + * larger codebase than intended/needed.
> > + */
> > +void av_enable_strict_whitelists(void);
> > +
> > +/**
> > + * returns non zero if strict whitelists are enabled.
> > + * @see av_enable_strict_whitelists()
> > + */
> > +int av_are_strict_whitelists_enabled(void);
> > +
> > +/**
> >   * @}
> >   */
> 
> How about
> 
> av_codec_whitelist_strict_enable() av_codec_whitelist_strict_enabled()
> av_codec_whitelist_enable_strict() av_codec_whitelist_enabled_strict()
> av_strict_whitelist_enable() av_strict_whitelist_enabled()

these are typo prone, i mean will you spot this:
(could easily happen with auto completion of words ...)

av_codec_whitelist_strict_enabled(); // enabling strict whitelists
avcodec_open();

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I know you won't believe me, but the highest form of Human Excellence is
to question oneself and others. -- Socrates
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20141025/ca8a4650/attachment.asc>

More information about the ffmpeg-devel mailing list