On Wed, Apr 08, 2015 at 07:30:12PM +0200, wm4 wrote:
> On Wed, 8 Apr 2015 19:27:55 +0200
> Gilles Chanteperdrix <gilles.chanteperd...@xenomai.org> wrote:
>
> > On Wed, Apr 08, 2015 at 07:24:27PM +0200, wm4 wrote:
> > > On Wed, 8 Apr 2015 19:16:38 +0200
> > > Gilles Chanteperdrix <gilles.chanteperd...@xenomai.org> wrote:
> > >
> > > > Signed-off-by: Gilles Chanteperdrix <gilles.chanteperd...@xenomai.org>
> > > > ---
> > > > libavformat/Makefile | 1 +
> > > > libavformat/allformats.c | 1 +
> > > > libavformat/youtubedl.c | 221
> > > > +++++++++++++++++++++++++++++++++++++++++++++++
> > > > 3 files changed, 223 insertions(+)
> > > > create mode 100644 libavformat/youtubedl.c
> > > >
> > > > diff --git a/libavformat/Makefile b/libavformat/Makefile
> > > > index 8d9a770..788b505 100644
> > > > --- a/libavformat/Makefile
> > > > +++ b/libavformat/Makefile
> > > > @@ -487,6 +487,7 @@ OBJS-$(CONFIG_LIBQUVI_DEMUXER) +=
> > > > libquvi.o
> > > > OBJS-$(CONFIG_LIBRTMP) += librtmp.o
> > > > OBJS-$(CONFIG_LIBSSH_PROTOCOL) += libssh.o
> > > > OBJS-$(CONFIG_LIBSMBCLIENT_PROTOCOL) += libsmbclient.o
> > > > +OBJS-$(CONFIG_YOUTUBEDL_DEMUXER) += youtubedl.o
> > > >
> > > > # protocols I/O
> > > > OBJS-$(CONFIG_APPLEHTTP_PROTOCOL) += hlsproto.o
> > > > diff --git a/libavformat/allformats.c b/libavformat/allformats.c
> > > > index e6a9d01..a684b73 100644
> > > > --- a/libavformat/allformats.c
> > > > +++ b/libavformat/allformats.c
> > > > @@ -386,6 +386,7 @@ void av_register_all(void)
> > > > REGISTER_DEMUXER (LIBMODPLUG, libmodplug);
> > > > REGISTER_MUXDEMUX(LIBNUT, libnut);
> > > > REGISTER_DEMUXER (LIBQUVI, libquvi);
> > > > + REGISTER_DEMUXER (YOUTUBEDL, youtubedl);
> > > > REGISTER_PROTOCOL(LIBRTMP, librtmp);
> > > > REGISTER_PROTOCOL(LIBRTMPE, librtmpe);
> > > > REGISTER_PROTOCOL(LIBRTMPS, librtmps);
> > > > diff --git a/libavformat/youtubedl.c b/libavformat/youtubedl.c
> > > > new file mode 100644
> > > > index 0000000..2d4ec60
> > > > --- /dev/null
> > > > +++ b/libavformat/youtubedl.c
> > > > @@ -0,0 +1,221 @@
> > > > +/*
> > > > + * Copyright (c) 2015 Gilles Chanteperdrix <g...@xenomai.org>
> > > > + *
> > > > + * This file is part of FFmpeg.
> > > > + *
> > > > + * FFmpeg is free software; you can redistribute it and/or
> > > > + * modify it under the terms of the GNU Lesser General Public
> > > > + * License as published by the Free Software Foundation; either
> > > > + * version 2.1 of the License, or (at your option) any later version.
> > > > + *
> > > > + * FFmpeg is distributed in the hope that it will be useful,
> > > > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > > + * Lesser General Public License for more details.
> > > > + *
> > > > + * You should have received a copy of the GNU Lesser General Public
> > > > + * License along with FFmpeg; if not, write to the Free Software
> > > > + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> > > > 02110-1301 USA
> > > > + */
> > > > +
> > > > +#include <stdlib.h>
> > > > +#include <unistd.h>
> > > > +
> > > > +#include "libavformat/avformat.h"
> > > > +#include "libavformat/internal.h"
> > > > +#include "libavutil/avassert.h"
> > > > +#include "libavutil/avstring.h"
> > > > +#include "libavutil/file.h"
> > > > +#include "libavutil/opt.h"
> > > > +
> > > > +typedef struct {
> > > > + const AVClass *class;
> > > > + char *format;
> > > > + AVFormatContext *fmtctx;
> > > > +} YoutubeDlContext;
> > > > +
> > > > +#define OUTBUF_SIZE 2048
> > > > +#define OFFSET(x) offsetof(YoutubeDlContext, x)
> > > > +#define FLAGS AV_OPT_FLAG_DECODING_PARAM
> > > > +static const AVOption youtubedl_options[] = {
> > > > + { "format", "request specific format", OFFSET(format),
> > > > AV_OPT_TYPE_STRING, {.str="best"}, .flags = FLAGS },
> > > > + { NULL }
> > > > +};
> > > > +
> > > > +static const AVClass youtubedl_context_class = {
> > > > + .class_name = "youtubedl",
> > > > + .item_name = av_default_item_name,
> > > > + .option = youtubedl_options,
> > > > + .version = LIBAVUTIL_VERSION_INT,
> > > > +};
> > > > +
> > > > +static int youtubedl_close(AVFormatContext *s)
> > > > +{
> > > > + YoutubeDlContext *yc = s->priv_data;
> > > > + if (yc->fmtctx)
> > > > + avformat_close_input(&yc->fmtctx);
> > > > + return 0;
> > > > +}
> > > > +
> > > > +static int youtubedl_get_output(char *output, size_t output_size,
> > > > + AVFormatContext *s, const char *command)
> > > > +{
> > > > + char *output_filename;
> > > > + int fd, ret, eof;
> > > > + size_t line_len;
> > > > + FILE *f;
> > > > +
> > > > + fd = av_tempfile("youtubedl", &output_filename, 0, s);
> > > > + if (fd < 0) {
> > > > + av_log(s, AV_LOG_ERROR, "Failed to create temporary file\n");
> > > > + return fd;
> > > > + }
> > > > + close(fd);
> > > > +
> > > > + command = av_asprintf("%s > %s", command, output_filename);
> > > > + if (!command) {
> > > > + av_log(s, AV_LOG_ERROR, "Out of memory\n");
> > > > + ret = AVERROR(ENOMEM);
> > > > + goto err_unlink_output;
> > > > + }
> > > > +
> > > > + ret = system(command);
> > > > + av_free((void *)command);
> > > > +
> > > > + if (ret != 0) {
> > > > + av_log(s, AV_LOG_ERROR, "Unexpected youtube-dl error\n");
> > > > + ret = ret < 0 ? AVERROR(errno) : AVERROR_EXTERNAL;
> > > > + goto err_unlink_output;
> > > > + }
> > > > +
> > > > + f = fopen(output_filename, "rb");
> > > > + if (!f) {
> > > > + av_log(s, AV_LOG_ERROR, "Unexpected error opening youtube-dl
> > > > output\n");
> > > > + ret = AVERROR(errno);
> > > > + goto err_unlink_output;
> > > > + }
> > > > +
> > > > + eof = !fgets(output, output_size, f);
> > > > + fclose(f);
> > > > + if (eof) {
> > > > + if (s)
> > > > + av_log(s, AV_LOG_ERROR, "Empty youtube-dl output\n");
> > > > + ret = AVERROR_INVALIDDATA;
> > > > + goto err_unlink_output;
> > > > + }
> > > > +
> > > > + line_len = strcspn(output, "\r\n");
> > > > + if (line_len == output_size - 1) {
> > > > + av_log(s, AV_LOG_ERROR, "youtube-dl output to large\n");
> > > > + ret = AVERROR_INVALIDDATA;
> > > > + goto err_unlink_output;
> > > > + }
> > > > + output[line_len] = '\0';
> > > > + ret = 0;
> > > > +
> > > > + err_unlink_output:
> > > > + unlink(output_filename);
> > > > + av_free(output_filename);
> > > > + return ret;
> > > > +}
> > > > +
> > > > +static int youtubedl_read_header(AVFormatContext *s)
> > > > +{
> > > > + char buffer[OUTBUF_SIZE];
> > > > + YoutubeDlContext *yc = s->priv_data;
> > > > + char *media_url, *pagetitle;
> > > > + int ret, i;
> > > > +
> > > > + snprintf(buffer, sizeof(buffer), "youtube-dl -e '%s'",
> > > > s->filename);
> > > > + ret = youtubedl_get_output(buffer, sizeof(buffer), s, buffer);
> > > > + pagetitle = ret < 0 ? NULL : av_strdup(buffer);
> > > > +
> > > > + snprintf(buffer, sizeof(buffer), "youtube-dl -f %s -g '%s'",
> > > > + yc->format, s->filename);
> > > > + ret = youtubedl_get_output(buffer, sizeof(buffer), s, buffer);
> > > > + if (ret < 0)
> > > > + goto err_free_pagetitle;
> > > > + media_url = av_strdup(buffer);
> > > > +
> > > > + yc->fmtctx = avformat_alloc_context();
> > > > +
> > > > + if ((ret = ff_copy_whitelists(yc->fmtctx, s)) < 0)
> > > > + goto err_free_context;
> > > > +
> > > > + ret = avformat_open_input(&yc->fmtctx, media_url, NULL, NULL);
> > > > + if (ret < 0)
> > > > + goto err_free_media_url;
> > > > +
> > > > + ret = avformat_find_stream_info(yc->fmtctx, NULL);
> > > > + if (ret < 0)
> > > > + goto err_free_media_url;
> > > > +
> > > > + if (pagetitle && pagetitle[0])
> > > > + av_dict_set(&s->metadata, "title", pagetitle, 0);
> > > > +
> > > > + for (i = 0; i < yc->fmtctx->nb_streams; i++) {
> > > > + AVStream *st = avformat_new_stream(s, NULL);
> > > > + AVStream *ist = yc->fmtctx->streams[i];
> > > > + if (!st) {
> > > > + ret = AVERROR(ENOMEM);
> > > > + goto err_close_input;
> > > > + }
> > > > + avpriv_set_pts_info(st, ist->pts_wrap_bits,
> > > > ist->time_base.num, ist->time_base.den);
> > > > + avcodec_copy_context(st->codec, yc->fmtctx->streams[i]->codec);
> > > > + }
> > > > + s->duration = yc->fmtctx->duration;
> > > > + s->start_time = yc->fmtctx->start_time;
> > > > + s->bit_rate = yc->fmtctx->bit_rate;
> > > > +
> > > > + return 0;
> > > > +
> > > > + err_close_input:
> > > > + avformat_close_input(&yc->fmtctx);
> > > > + err_free_media_url:
> > > > + av_free(media_url);
> > > > + err_free_pagetitle:
> > > > + av_free(pagetitle);
> > > > + return ret;
> > > > +
> > > > + err_free_context:
> > > > + avformat_free_context(yc->fmtctx);
> > > > + goto err_free_media_url;
> > > > +}
> > > > +
> > > > +static int youtubedl_read_packet(AVFormatContext *s, AVPacket *pkt)
> > > > +{
> > > > + YoutubeDlContext *yc = s->priv_data;
> > > > + return av_read_frame(yc->fmtctx, pkt);
> > > > +}
> > > > +
> > > > +static int youtubedl_read_seek(AVFormatContext *s, int stream_index,
> > > > int64_t timestamp, int flags)
> > > > +{
> > > > + YoutubeDlContext *yc = s->priv_data;
> > > > + return av_seek_frame(yc->fmtctx, stream_index, timestamp, flags);
> > > > +}
> > > > +
> > > > +static int youtubedl_probe(AVProbeData *p)
> > > > +{
> > > > + char buffer[OUTBUF_SIZE];
> > > > + int ret;
> > > > +
> > > > + snprintf(buffer, sizeof(buffer),
> > > > + "youtube-dl --match-filter 'extractor != generic' -g '%s'",
> > > > + p->filename);
> > > > + ret = youtubedl_get_output(buffer, sizeof(buffer), NULL, buffer);
> > > > +
> > > > + return ret == 0 ? AVPROBE_SCORE_EXTENSION : 0;
> > > > +}
> > > > +
> > > > +AVInputFormat ff_youtubedl_demuxer = {
> > > > + .name = "youtubedl",
> > > > + .long_name = NULL_IF_CONFIG_SMALL("youtubedl demuxer"),
> > > > + .priv_data_size = sizeof(YoutubeDlContext),
> > > > + .read_probe = youtubedl_probe,
> > > > + .read_header = youtubedl_read_header,
> > > > + .read_packet = youtubedl_read_packet,
> > > > + .read_close = youtubedl_close,
> > > > + .read_seek = youtubedl_read_seek,
> > > > + .priv_class = &youtubedl_context_class,
> > > > + .flags = AVFMT_NOFILE,
> > > > +};
> > >
> > > Nice security hole.
> >
> > how is that ? I do not see any buffer overflow possible.
> >
>
> Probably something like: ffplay "http://' rm -rf #"
Yeah, ok, got it, scrap that patch. If we want to do that, we should
check that the input do not contain a '.That is starting to be
cumbersome.
--
Gilles.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
