[FFmpeg-devel] [PATCH] Ignore expired cookies
wm4
nfxjfg at googlemail.com
Sat Mar 25 16:51:09 EET 2017
On Sat, 25 Mar 2017 10:31:00 -0400
Micah Galizia <micahgalizia at gmail.com> wrote:
> Signed-off-by: Micah Galizia <micahgalizia at gmail.com>
> ---
> libavformat/http.c | 43 +++++++++++++++++++++++++++++++++++++++----
> 1 file changed, 39 insertions(+), 4 deletions(-)
>
> diff --git a/libavformat/http.c b/libavformat/http.c
> index 293a8a7..f7d1925 100644
> --- a/libavformat/http.c
> +++ b/libavformat/http.c
> @@ -29,6 +29,7 @@
> #include "libavutil/avstring.h"
> #include "libavutil/opt.h"
> #include "libavutil/time.h"
> +#include "libavutil/parseutils.h"
>
> #include "avformat.h"
> #include "http.h"
> @@ -48,6 +49,8 @@
> #define MAX_REDIRECTS 8
> #define HTTP_SINGLE 1
> #define HTTP_MUTLI 2
> +#define MAX_EXPIRY 30
> +#define WHITESPACES " \n\t\r"
> typedef enum {
> LOWER_PROTO,
> READ_HEADERS,
> @@ -877,15 +880,20 @@ static int get_cookies(HTTPContext *s, char **cookies, const char *path,
>
> *cookies = NULL;
> while ((cookie = av_strtok(set_cookies, "\n", &next))) {
> - int domain_offset = 0;
> + int domain_offset = 0, expired = 0;
> char *param, *next_param, *cdomain = NULL, *cpath = NULL, *cvalue = NULL;
> + char exp_buf[MAX_EXPIRY];
> set_cookies = NULL;
>
> // store the cookie in a dict in case it is updated in the response
> if (parse_cookie(s, cookie, &s->cookie_dict))
> av_log(s, AV_LOG_WARNING, "Unable to parse '%s'\n", cookie);
>
> - while ((param = av_strtok(cookie, "; ", &next_param))) {
> + while ((param = av_strtok(cookie, ";", &next_param))) {
> +
> + // move past any leading whitespace
> + param += strspn(param, WHITESPACES);
> +
> if (cookie) {
> // first key-value pair is the actual cookie value
> cvalue = av_strdup(param);
> @@ -899,6 +907,33 @@ static int get_cookies(HTTPContext *s, char **cookies, const char *path,
> int leading_dot = (param[7] == '.');
> av_free(cdomain);
> cdomain = av_strdup(¶m[7+leading_dot]);
> + } else if (!av_strncasecmp("expires=", param, 8)) {
> + int i, j, exp_len;
> + struct tm tm_buf = {0};
> + char *expiry = ¶m[8];
> +
> + // strip off any punctuation or whitespace
> + exp_len = strlen(expiry);
> + for (i = 0, j = 0; i < exp_len; i++) {
> + if ((expiry[i] >= '0' && expiry[i] <= '9') ||
> + (expiry[i] >= 'A' && expiry[i] <= 'Z') ||
> + (expiry[i] >= 'a' && expiry[i] <= 'z')) {
> + exp_buf[j] = expiry[i];
> + j++;
> + }
> + }
> + exp_buf[j] = '\0';
This can overflow sizeof(exp_buf).
> +
> + // move the string beyond the day of week
> + i = 0;
> + while ((exp_buf[i] < '0' || exp_buf[i] > '9') && (i < j))
> + i++;
> +
> + if (av_small_strptime(&exp_buf[i], "%d%b%Y%H%M%SGMT", &tm_buf)) {
> + time_t now = av_gettime() / 1000000;
I don't know if av_gettime() has the same time base...
> + if (av_timegm(&tm_buf) < now)
> + expired = 1;
> + }
> } else {
> // ignore unknown attributes
> }
> @@ -907,9 +942,9 @@ static int get_cookies(HTTPContext *s, char **cookies, const char *path,
> cdomain = av_strdup(domain);
>
> // ensure all of the necessary values are valid
> - if (!cdomain || !cpath || !cvalue) {
> + if (expired || !cdomain || !cpath || !cvalue ) {
> av_log(s, AV_LOG_WARNING,
> - "Invalid cookie found, no value, path or domain specified\n");
> + "Invalid cookie found, expired or no value, path or domain specified\n");
> goto done_cookie;
> }
>
More information about the ffmpeg-devel
mailing list