[FFmpeg-devel] [PATCH v3] avformat/url: check url root node when rel include double dot
Steven Liu
lq at chinaffmpeg.org
Mon Apr 27 14:27:46 EEST 2020
> On Apr 27, 2020, at 7:22 PM, Nicolas George <george at nsup.org> wrote:
>
> Steven Liu (12020-04-27):
>> /../../../../../other/url, this is the absolute path, so just concat and don’t process,
>> Or what do you want to say?
>
> This is not an absolute path, since it contains "..". I think it is a
> problem that the output of ff_make_absolute_url() is not, you know,
> absolute.
>
> It can even be considered a security issue, since other parts of the
> code could assume that the output of ff_make_absolute_url() is actually
> absolute.
I need one example to understand the security issue after this patch.
Thanks
Steven Liu
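
Added example, not part of the original message and not FFmpeg code: a sketch of the property discussed in the quoted text, that a resolved path should contain no "." or ".." segments. The names has_dot_segments and remove_dot_segments are hypothetical, the collapsing follows RFC 3986 section 5.2.4 for absolute paths, and the sample path is the one from this thread.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if any segment of path is exactly "." or "..". */
static int has_dot_segments(const char *path)
{
    while (*path) {
        size_t len = strcspn(path, "/");
        if ((len == 1 && path[0] == '.') ||
            (len == 2 && path[0] == '.' && path[1] == '.'))
            return 1;
        path += len;
        if (*path == '/') path++;
    }
    return 0;
}

/* Collapse "." and ".." in an absolute path; ".." at the root is dropped instead
 * of climbing above "/". Returns -1 if path is not absolute or out is too small. */
static int remove_dot_segments(const char *path, char *out, size_t size)
{
    size_t n = 0;
    if (path[0] != '/') return -1;
    while (*path) {
        size_t len = strcspn(++path, "/");   /* segment after this '/' */
        int dot    = len == 1 && path[0] == '.';
        int dotdot = len == 2 && path[0] == '.' && path[1] == '.';
        if (dotdot)                           /* pop the last kept segment */
            while (n > 0 && out[--n] != '/') ;
        if ((!dot && !dotdot) || !path[len]) {
            size_t keep = (dot || dotdot) ? 0 : len; /* trailing dot segment leaves "/" */
            if (n + keep + 2 > size) return -1;
            out[n++] = '/';
            memcpy(out + n, path, keep);
            n += keep;
        }
        path += len;
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char out[64];
    if (remove_dot_segments("/../../../../../other/url", out, sizeof(out)) == 0)
        printf("%s (dot segments left: %d)\n", out, has_dot_segments(out));
    return 0;
}
```

A caller that relies on the resolved path being absolute can run has_dot_segments on the result and reject it when the check returns 1.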