The concat protocol can be abused to leak local file contents as a URL parameter.
CC: [email protected]
Reported-By: Максим Андреев <[email protected]>
---
Not sure if we want to add a whitelist option as well.
libavformat/hls.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/libavformat/hls.c b/libavformat/hls.c
index dc3ab87..d8d1dcd 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -104,6 +104,7 @@ typedef struct HLSContext {
int seek_flags;
AVIOInterruptCB *interrupt_callback;
AVDictionary *avio_opts;
+ char *blacklist;
} HLSContext;
static int read_chomp_line(AVIOContext *s, char *buf, int maxlen)
@@ -153,6 +154,19 @@ static void reset_packet(AVPacket *pkt)
pkt->data = NULL;
}
+static int in_blacklist(const char *url, const char *blacklist)
+{
+ char proto[128];
+
+ av_url_split(proto, sizeof(proto),
+ NULL, 0,
+ NULL, 0,
+ NULL, NULL, 0,
+ url);
+
+ return av_match_name(proto, blacklist);
+}
+
static struct variant *new_variant(HLSContext *c, int bandwidth,
const char *url, const char *base)
{
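Review bot: `in_blacklist()` has no comment, and what it compares is not obvious from the call site. It matches only the scheme that `av_url_split()` extracts from the string as written in the playlist, so a relative URL with no scheme should never match, and a NULL `blacklist` yields 0 from `av_match_name()`. A short comment such as `/* Return non-zero if the scheme of url is listed in blacklist; scheme-less (relative) URLs never match. */` would make that contract explicit. Because only the leading scheme is inspected, a deny-list gives weaker guarantees than an allow-list here, which is worth settling before merge.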
@@ -161,6 +175,10 @@ static struct variant *new_variant(HLSContext *c, int
bandwidth,
return NULL;
reset_packet(&var->pkt);
var->bandwidth = bandwidth;
+
+ if (in_blacklist(url, c->blacklist))
+ return NULL;
+
ff_make_absolute_url(var->url, sizeof(var->url), base, url);
dynarray_add(&c->variants, &c->n_variants, var);
return var;
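Review bot: The added early `return NULL` leaks `var`, which, judging by the `var->pkt` use just above, is allocated before this hunk (the allocation itself is outside the diff). Either run the check before allocating or free first: `if (in_blacklist(url, c->blacklist)) { av_free(var); return NULL; }`. Callers also cannot tell a rejected URL from an allocation failure, so logging a warning when a variant is refused would help users diagnose a skipped entry. In the visible hunks this is the only call to `in_blacklist()`; segment and key URIs are handled elsewhere in hls.c and are not shown to be checked, so confirm they pass through the same filter.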
@@ -852,6 +870,19 @@ static int hls_probe(AVProbeData *p)
return 0;
}
+#define OFFSET(x) offsetof(HLSContext, x)
+#define D AV_OPT_FLAG_DECODING_PARAM
+static const AVOption options[] = {
+ {"blacklist", "Comma-separated list of protocols to reject",
OFFSET(blacklist), AV_OPT_TYPE_STRING, {.str = "concat"}, 0, 0, D},
+ { NULL },
+};
+
+static const AVClass hls_class = {
+ .class_name = "hls demuxer",
+ .item_name = av_default_item_name,
+ .option = options,
+ .version = LIBAVUTIL_VERSION_INT,
+};
AVInputFormat ff_hls_demuxer = {
.name = "hls,applehttp",
.long_name = NULL_IF_CONFIG_SMALL("Apple HTTP Live Streaming"),
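Review bot: The default `{.str = "concat"}` in `options[]` denies a single protocol, so any other protocol able to read local resources stays reachable from a remote playlist unless the user extends the list. An allow-list that defaults to the protocols HLS actually needs would fail closed, which is the open question the description already raises. The help string could also say what is matched, e.g. `"Comma-separated list of protocols to reject in playlist URLs"`. The file-scope macros `OFFSET` and `D` are never undefined, so an `#undef` after the table would keep them from leaking into the rest of the file.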
@@ -861,4 +892,5 @@ AVInputFormat ff_hls_demuxer = {
.read_packet = hls_read_packet,
.read_close = hls_close,
.read_seek = hls_read_seek,
+ .priv_class = &hls_class,
};
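Review bot: Setting `.priv_class` requires the private context to begin with a `const AVClass *` member, because the AVOption machinery stores the class pointer at the start of `priv_data` before applying defaults. The hunks in this patch only append `char *blacklist` to the end of `HLSContext`, and the head of the struct is outside the diff. If it does not already start with one, add `const AVClass *class;` as the first member; otherwise the first existing field would be overwritten when the demuxer is opened.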
--
2.6.1