[FFmpeg-devel] [PATCH] fftools/ffmpeg_ffplay_ffprobe_cmdutils: add -mask_url to replace the protocol address in the command with the asterisk (*)
Nicolas George
george at nsup.org
Mon Dec 26 15:21:17 EET 2022
Wujian(Chin) (12022-12-26):
> The issue has been modified. Please review again, thank you!
>
> Signed-off-by: wujian_nanjing <wujian2 at huawei.com>
> ---
> doc/fftools-common-opts.texi | 11 +++++++
> fftools/cmdutils.c | 77 ++++++++++++++++++++++++++++++++++++++++++--
> fftools/cmdutils.h | 25 ++++++++++++++
> fftools/ffmpeg.c | 10 +++---
> fftools/ffplay.c | 9 ++++--
> fftools/ffprobe.c | 10 +++---
> 6 files changed, 128 insertions(+), 14 deletions(-)
>
> diff --git a/doc/fftools-common-opts.texi b/doc/fftools-common-opts.texi
> index d914570..724c028 100644
> --- a/doc/fftools-common-opts.texi
> +++ b/doc/fftools-common-opts.texi
> @@ -363,6 +363,17 @@ for testing. Do not use it unless you know what you're doing.
> ffmpeg -cpucount 2
> @end example
>
> + at item -mask_url -i @var{url} (@emph{output})
> +If the protocol address contains the user name and password, the ps -ef
Start with what the option does.
> +command exposes plaintext. You can add the -mask_url parameter option is
> +added to replace the protocol address in the command line with the
> +asterisk (*). Because other users can run the ps -ef command to view sensitive
> +information such as the user name and password in the protocol address,
> +which is insecure.
> + at example
> +ffmpeg -mask_url -i rtsp://username:password-ip:port/stream/test
> + at end example
> +
> @item -max_alloc @var{bytes}
> Set the maximum size limit for allocating a block on the heap by ffmpeg's
> family of malloc functions. Exercise @strong{extreme caution} when using
> diff --git a/fftools/cmdutils.c b/fftools/cmdutils.c
> index a1de621..0f80910 100644
> --- a/fftools/cmdutils.c
> +++ b/fftools/cmdutils.c
> @@ -61,6 +61,74 @@ AVDictionary *format_opts, *codec_opts;
>
> int hide_banner = 0;
>
> +void mask_param(int argc, char **argv)
> +{
> + int i, j;
> + for (i = 1; i < argc; i++) {
> + char *match = strstr(argv[i], "://");
Still leaving credentials in options visible.
> + if (match) {
> + int total = strlen(argv[i]);
> + for (j = 0; j < total; j++) {
> + argv[i][j] = '*';
> + }
> + }
> + }
> +}
> +
> +char **copy_argv(int argc, char **argv)
> +{
> + char **argv_copy;
> + argv_copy = av_mallocz(argc * sizeof(char *));
> + if (!argv_copy) {
> + av_log(NULL, AV_LOG_FATAL, "argv_copy malloc failed\n");
> + exit_program(1);
> + }
> +
> + for (int i = 0; i < argc; i++) {
> + int length = strlen(argv[i]) + 1;
> + argv_copy[i] = av_mallocz(length * sizeof(*argv_copy));
> + if (!argv_copy[i]) {
> + av_log(NULL, AV_LOG_FATAL, "argv_copy[%d] malloc failed\n", i);
> + exit_program(1);
> + }
> + memcpy(argv_copy[i], argv[i], length);
> + }
> + return argv_copy;
> +}
> +
> +char **handle_arg_param(int argc, int mask_flag, char **argv)
> +{
> + char **argv_copy;
> + argv_copy = copy_argv(argc, argv);
> + if (mask_flag)
> + mask_param(argc, argv);
> + return argv_copy;
> +}
> +
> +int get_mask_flag(int *argc, char ***argv)
> +{
> + for (int i = 1; i < *argc; i++) {
> + if (strcmp((*argv)[i], "-mask_url")) {
> + continue;
> + }
> +
> + for (int j = i + 1; j < *argc; j++) {
> + (*argv)[j - 1] = (*argv)[j];
> + }
> + (*argc)--;
> + return 1;
> + }
> +
> + return 0;
> +}
Still unacceptable.
> +
> +void free_argv_copy(int argc, char **argv)
> +{
> + for (int i = 0; i < argc; i++)
> + av_free(argv[i]);
> + av_free(argv);
> +}
> +
> void uninit_opts(void)
> {
> av_dict_free(&swr_opts);
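Review bot: copy_argv() sizes both of its allocations incorrectly. The vector is allocated with `argc` slots, so the copy has no terminating NULL entry the way the original argv has at argv[argc], and any code that walks the copy until NULL would read past the allocation. Each string is allocated as `length * sizeof(*argv_copy)`, which multiplies by the size of a pointer rather than of a char. Using the existing helpers avoids both problems: `argv_copy = av_calloc(argc + 1, sizeof(*argv_copy));` and `argv_copy[i] = av_strdup(argv[i]);`. get_mask_flag() has a related gap: after shifting the entries down it should store NULL in the slot at the new `*argc`.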
> @@ -215,13 +283,16 @@ static void prepare_app_arguments(int *argc_ptr, char ***argv_ptr)
> if (win32_argv_utf8) {
> *argc_ptr = win32_argc;
> *argv_ptr = win32_argv_utf8;
> + get_mask_flag(argc_ptr, argv_ptr);
> return;
> }
>
> win32_argc = 0;
> argv_w = CommandLineToArgvW(GetCommandLineW(), &win32_argc);
> - if (win32_argc <= 0 || !argv_w)
> + if (win32_argc <= 0 || !argv_w) {
> + get_mask_flag(argc_ptr, argv_ptr);
> return;
> + }
>
> /* determine the UTF-8 buffer size (including NULL-termination symbols) */
> for (i = 0; i < win32_argc; i++)
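Review bot: In the cached branch, `*argc_ptr = win32_argc;` restores the original count, but get_mask_flag() only decrements `*argc_ptr` and compacts `win32_argv_utf8` in place, so `win32_argc` itself is never updated. If prepare_app_arguments() runs a second time (the cached branch exists for that case), the flag is already gone from the array, get_mask_flag() returns 0, and the caller gets the old count with the last argument appearing twice. Stripping the flag once at the end of the conversion path and storing the result, `win32_argc = *argc_ptr;`, would avoid this. The same call is repeated in the hunks at -232 and -246, and the function body starts and ends outside this hunk.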
> @@ -232,6 +303,7 @@ static void prepare_app_arguments(int *argc_ptr, char ***argv_ptr)
> argstr_flat = (char *)win32_argv_utf8 + sizeof(char *) * (win32_argc + 1);
> if (!win32_argv_utf8) {
> LocalFree(argv_w);
> + get_mask_flag(argc_ptr, argv_ptr);
> return;
> }
>
> @@ -246,6 +318,7 @@ static void prepare_app_arguments(int *argc_ptr, char ***argv_ptr)
>
> *argc_ptr = win32_argc;
> *argv_ptr = win32_argv_utf8;
> + get_mask_flag(argc_ptr, argv_ptr);
> }
> #else
> static inline void prepare_app_arguments(int *argc_ptr, char ***argv_ptr)
> @@ -696,10 +769,8 @@ int split_commandline(OptionParseContext *octx, int argc, char *argv[],
> {
> int optindex = 1;
> int dashdash = -2;
> -
> /* perform system-dependent conversions for arguments list */
> prepare_app_arguments(&argc, &argv);
> -
> init_parse_context(octx, groups, nb_groups);
> av_log(NULL, AV_LOG_DEBUG, "Splitting the commandline.\n");
>
> diff --git a/fftools/cmdutils.h b/fftools/cmdutils.h
> index 4496221..08c4da7 100644
> --- a/fftools/cmdutils.h
> +++ b/fftools/cmdutils.h
> @@ -50,6 +50,31 @@ extern AVDictionary *format_opts, *codec_opts;
> extern int hide_banner;
>
> /**
> + * Using to mask sensitive info.
> + */
> +void mask_param(int argc, char **argv);
> +
> +/**
> + * Using to copy ori argv.
> + */
> +char **copy_argv(int argc, char **argv);
> +
> +/**
> + * Handle argv and argv_copy.
> + */
> +char **handle_arg_param(int argc, int mask_flag, char **argv);
> +
> +/**
> + * Get mask flag.
> + */
> +int get_mask_flag(int *argc, char ***argv);
> +
> +/**
> + * Free argv.
> + */
> +void free_argv_copy(int argc, char **argv);
> +
> +/**
> * Register a program-specific cleanup routine.
> */
> void register_exit(void (*cb)(int ret));
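Review bot: The new doc comments do not state the contract a caller has to rely on. `mask_param` should say that it overwrites, in place, every argument containing "://" with '*'. `copy_argv` should say that it returns a heap copy and terminates the program on allocation failure. `handle_arg_param` should say that the returned copy must be released with `free_argv_copy` and that the original argv no longer holds the URLs when mask_flag is set. For `get_mask_flag`, something like `/** Remove the first "-mask_url" from argv, decrementing *argc; return 1 if it was present, 0 otherwise. */` would do.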
> diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c
> index 881d6f0..d16eb36 100644
> --- a/fftools/ffmpeg.c
> +++ b/fftools/ffmpeg.c
> @@ -3865,9 +3865,9 @@ static int64_t getmaxrss(void)
>
> int main(int argc, char **argv)
> {
> - int ret;
> + int ret, mask_flag;
> BenchmarkTimeStamps ti;
> -
> + char **argv_copy;
> init_dynload();
>
> register_exit(ffmpeg_cleanup);
> @@ -3877,15 +3877,16 @@ int main(int argc, char **argv)
> av_log_set_flags(AV_LOG_SKIP_REPEATED);
> parse_loglevel(argc, argv, options);
>
> + mask_flag = get_mask_flag(&argc, &argv);
> #if CONFIG_AVDEVICE
> avdevice_register_all();
> #endif
> avformat_network_init();
>
> show_banner(argc, argv, options);
> -
> + argv_copy = handle_arg_param(argc, mask_flag, argv);
> /* parse options and open all input/output files */
> - ret = ffmpeg_parse_options(argc, argv);
> + ret = ffmpeg_parse_options(argc, argv_copy);
> if (ret < 0)
> exit_program(1);
>
> @@ -3920,5 +3921,6 @@ int main(int argc, char **argv)
> exit_program(69);
>
> exit_program(received_nb_signals ? 255 : main_return_code);
> + free_argv_copy(argc, argv_copy);
> return main_return_code;
> }
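Review bot: `free_argv_copy(argc, argv_copy);` is placed after `exit_program(...)`, which ends the process, so the call is never reached and the copy is never released. ffplay.c has the same problem, adding the call below the `/* never returns */` comment after `event_loop(is)`. Either drop these calls or release the copy from the cleanup path that exit_program() already runs (ffmpeg.c registers `ffmpeg_cleanup` via `register_exit`), which requires `argv_copy` and its count to be file-scope. If the intent is also to limit how long the unmasked URL stays in memory, the strings should be overwritten before they are freed.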
> diff --git a/fftools/ffplay.c b/fftools/ffplay.c
> index fc7e1c2..559e417 100644
> --- a/fftools/ffplay.c
> +++ b/fftools/ffplay.c
> @@ -3663,10 +3663,12 @@ void show_help_default(const char *opt, const char *arg)
> /* Called from the main */
> int main(int argc, char **argv)
> {
> - int flags;
> + int flags, mask_flag;
> + char **argv_copy;
> VideoState *is;
>
> init_dynload();
> + mask_flag = get_mask_flag(&argc, &argv);
>
> av_log_set_flags(AV_LOG_SKIP_REPEATED);
> parse_loglevel(argc, argv, options);
> @@ -3682,7 +3684,8 @@ int main(int argc, char **argv)
>
> show_banner(argc, argv, options);
>
> - parse_options(NULL, argc, argv, options, opt_input_file);
> + argv_copy = handle_arg_param(argc, mask_flag, argv);
> + parse_options(NULL, argc, argv_copy, options, opt_input_file);
>
> if (!input_filename) {
> show_usage();
> @@ -3759,6 +3762,6 @@ int main(int argc, char **argv)
> event_loop(is);
>
> /* never returns */
> -
> + free_argv_copy(argc, argv_copy);
> return 0;
> }
> diff --git a/fftools/ffprobe.c b/fftools/ffprobe.c
> index d2f126d..49375bd 100644
> --- a/fftools/ffprobe.c
> +++ b/fftools/ffprobe.c
> @@ -4035,9 +4035,10 @@ int main(int argc, char **argv)
> WriterContext *wctx;
> char *buf;
> char *w_name = NULL, *w_args = NULL;
> - int ret, input_ret, i;
> -
> + int ret, input_ret, i, mask_flag;
> + char **argv_copy;
> init_dynload();
> + mask_flag = get_mask_flag(&argc, &argv);
>
> #if HAVE_THREADS
> ret = pthread_mutex_init(&log_mutex, NULL);
> @@ -4056,8 +4057,8 @@ int main(int argc, char **argv)
> #endif
>
> show_banner(argc, argv, options);
> - parse_options(NULL, argc, argv, options, opt_input_file);
> -
> + argv_copy = handle_arg_param(argc, mask_flag, argv);
> + parse_options(NULL, argc, argv_copy, options, opt_input_file);
> if (do_show_log)
> av_log_set_callback(log_callback);
>
> @@ -4173,6 +4174,7 @@ end:
> av_freep(&print_format);
> av_freep(&read_intervals);
> av_hash_freep(&hash);
> + free_argv_copy(argc, argv_copy);
>
> uninit_opts();
> for (i = 0; i < FF_ARRAY_ELEMS(sections); i++)
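Review bot: `free_argv_copy(argc, argv_copy)` now runs at the `end:` label, but `argv_copy` is declared without an initializer and is assigned only at `handle_arg_param(...)` after `show_banner()`. Any `goto end` taken before that point would pass an indeterminate pointer to `av_free()`; the `pthread_mutex_init` result check just below the first hunk looks like one, though its body is outside the hunk. Declaring `char **argv_copy = NULL;` and making free_argv_copy() return early on a NULL vector closes this.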
--
Nicolas George