On 11/08/2022 00:27, Derek Buitenhuis wrote:
A gateway can see everything, and we should not be shipping a hardcoded
default from a third party company; it's a security risk.
Signed-off-by: Derek Buitenhuis <derek.buitenh...@gmail.com>
---
libavformat/ipfsgateway.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/libavformat/ipfsgateway.c b/libavformat/ipfsgateway.c
index 5a5178c563..907b61b017 100644
--- a/libavformat/ipfsgateway.c
+++ b/libavformat/ipfsgateway.c
@@ -240,13 +240,8 @@ static int translate_ipfs_to_http(URLContext *h, const
char *uri, int flags, AVD
ret = populate_ipfs_gateway(h);
if (ret < 1) {
- // We fallback on dweb.link (managed by Protocol Labs).
- snprintf(c->gateway_buffer, sizeof(c->gateway_buffer),
"https://dweb.link";);
-
- av_log(h, AV_LOG_WARNING,
- "IPFS does not appear to be running. "
- "You’re now using the public gateway at dweb.link.\n");
- av_log(h, AV_LOG_INFO,
+ av_log(h, AV_LOG_ERROR,
+ "IPFS does not appear to be running.\n\n"
"Installing IPFS locally is recommended to "
"improve performance and reliability, "
"and not share all your activity with a single IPFS
gateway.\n"
@@ -259,6 +254,8 @@ static int translate_ipfs_to_http(URLContext *h, const char
*uri, int flags, AVD
"3. Define an $IPFS_PATH environment variable "
"and point it to the IPFS data path "
"- this is typically ~/.ipfs\n");
+ ret = AVERROR(EINVAL);
+ goto err;
}
}
ACK, hardcoding a public gateway is a huge NO from me.
Also in string favour of backporting this to 5.1, since it should have
never made it in there in the first place.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
