[FFmpeg-cvslog] avformat/hls: More strict url checks

[Michael Niedermayer]

ffmpeg | branch: release/2.4 | Michael Niedermayer <mich...@niedermayer.cc> | 
Fri Jan 15 13:29:38 2016 +0100| [990abbd1c6123e39c8115b19967ba16bc69262b7] | 
committer: Michael Niedermayer

avformat/hls: More strict url checks

No case is known where these are needed

Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
(cherry picked from commit 6ba42b6482c725a59eb468391544dc0c75b8c6f0)

Conflicts:

        libavformat/hls.c

Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>

Conflicts:

        libavformat/hls.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=990abbd1c6123e39c8115b19967ba16bc69262b7
---

 libavformat/hls.c |   27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/libavformat/hls.c b/libavformat/hls.c
index c66f85b..63ab951 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -900,6 +900,20 @@ static void intercept_id3(struct playlist *pls, uint8_t 
*buf,
         pls->is_id3_timestamped = (pls->id3_mpegts_timestamp != 
AV_NOPTS_VALUE);
 }
 
+
+static int check_url(const char *url) {
+    const char *proto_name = avio_find_protocol_name(url);
+    if (!av_strstart(proto_name, "http", NULL) && !av_strstart(proto_name, 
"file", NULL))
+        return AVERROR_INVALIDDATA;
+
+    if (!strncmp(proto_name, url, strlen(proto_name)) && 
url[strlen(proto_name)] == ':')
+        return 0;
+    else if (strcmp(proto_name, "file") || !strcmp(url, "file,"))
+        return AVERROR_INVALIDDATA;
+
+    return 0;
+}
+
 static int open_input(HLSContext *c, struct playlist *pls)
 {
     AVDictionary *opts = NULL;
@@ -927,11 +941,9 @@ static int open_input(HLSContext *c, struct playlist *pls)
            seg->url, seg->url_offset, pls->index);
 
     if (seg->key_type == KEY_NONE) {
-        const char *proto_name = avio_find_protocol_name(seg->url);
-        if (!av_strstart(proto_name, "http", NULL) && !av_strstart(proto_name, 
"file", NULL)) {
-            ret = AVERROR_INVALIDDATA;
+        ret = check_url(seg->url);
+        if (ret < 0)
             goto cleanup;
-        }
 
         ret = ffurl_open(&pls->input, seg->url, AVIO_FLAG_READ,
                           &pls->parent->interrupt_callback, &opts);
@@ -940,11 +952,10 @@ static int open_input(HLSContext *c, struct playlist *pls)
         char iv[33], key[33], url[MAX_URL_SIZE];
         if (strcmp(seg->key, pls->key_url)) {
             URLContext *uc;
-            const char *proto_name = avio_find_protocol_name(seg->key);
-            if (!av_strstart(proto_name, "http", NULL) && 
!av_strstart(proto_name, "file", NULL)) {
-                ret = AVERROR_INVALIDDATA;
+            ret = check_url(seg->key);
+            if (ret < 0)
                 goto cleanup;
-            }
+
             if (ffurl_open(&uc, seg->key, AVIO_FLAG_READ,
                            &pls->parent->interrupt_callback, &opts2) == 0) {
                 if (ffurl_read_complete(uc, pls->key, sizeof(pls->key))

_______________________________________________
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog