TODO: this needs to cleanly open a file url context for checking This stops someone having a local file like "http:evilhost.com" and playing it as "http:evilhost.com" without explicitly specifying the http protocol on the whitelist
That is it reduces the impact of people not using the "file:" scheme explicitly on untrusted filenames at the expense of causing some problems if a remote url exists ad a local file Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavformat/avio.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/libavformat/avio.c b/libavformat/avio.c index 3606eb0fda..5a11add415 100644 --- a/libavformat/avio.c +++ b/libavformat/avio.c @@ -31,6 +31,8 @@ #endif #include "url.h" +static const struct URLProtocol *url_find_protocol(const char *filename); + /** @name Logging context. */ /*@{*/ static const char *urlcontext_to_name(void *ptr) @@ -188,6 +190,17 @@ int ffurl_connect(URLContext *uc, AVDictionary **options) return AVERROR(EINVAL); } + if ((uc->flags & AVIO_FLAG_READ) && + !uc->protocol_whitelist && + !uc->protocol_blacklist && + strcmp(uc->prot->name, "file")) { + const URLProtocol *file_protocol = url_find_protocol("file:"); + if (file_protocol->url_check(uc, 0) >= 0) { + av_log(uc, AV_LOG_ERROR, "Ambigous filename %s exists, specify a whitelist!\n", uc->filename); + return AVERROR(EEXIST); + } + } + if (!uc->protocol_whitelist && uc->prot->default_whitelist) { av_log(uc, AV_LOG_DEBUG, "Setting default whitelist '%s'\n", uc->prot->default_whitelist); uc->protocol_whitelist = av_strdup(uc->prot->default_whitelist); -- 2.11.0 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel