Le quintidi 5 fructidor, an CCXXIII, Stephan Holljes a écrit :
> Signed-off-by: Stephan Holljes <klaxa1...@googlemail.com>
> ---
> libavformat/http.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/libavformat/http.c b/libavformat/http.c
> index fba87ac..064239b 100644
> --- a/libavformat/http.c
> +++ b/libavformat/http.c
> @@ -48,6 +48,7 @@
> #define MAX_REDIRECTS 8
> #define HTTP_SINGLE 1
> #define HTTP_MUTLI 2
> +#define MAX_HEADER_LINES 100
> typedef enum {
> LOWER_PROTO,
> READ_HEADERS,
> @@ -69,6 +70,8 @@ typedef struct HTTPContext {
> HTTPAuthState auth_state;
> HTTPAuthState proxy_auth_state;
> char *headers;
> + AVDictionary *headers_dict;
> + int nb_headers;
> char *mime_type;
> char *user_agent;
> char *content_type;
> @@ -128,6 +131,7 @@ static const AVOption options[] = {
> { "seekable", "control seekability of connection", OFFSET(seekable),
> AV_OPT_TYPE_INT, { .i64 = -1 }, -1, 1, D },
> { "chunked_post", "use(s) chunked transfer-encoding for posts",
> OFFSET(chunked_post), AV_OPT_TYPE_INT, { .i64 = 1 }, 0, 1, D | E },
> { "headers", "set custom HTTP headers, can override built in default
> headers", OFFSET(headers), AV_OPT_TYPE_STRING, { 0 }, 0, 0, D | E },
> + { "headers_dict", "Contains the parsed headers as a dictionary.",
> OFFSET(headers_dict), AV_OPT_TYPE_DICT, { 0 }, 0, 0, AV_OPT_FLAG_EXPORT | D |
> E },
> { "content_type", "set a specific content type for the POST messages",
> OFFSET(content_type), AV_OPT_TYPE_STRING, { 0 }, 0, 0, D | E },
> { "body", "set the body of a simple HTTP reply", OFFSET(body),
> AV_OPT_TYPE_STRING, { .str = NULL }, 0, 0, E },
> { "user_agent", "override User-Agent header", OFFSET(user_agent),
> AV_OPT_TYPE_STRING, { .str = DEFAULT_USER_AGENT }, 0, 0, D },
> @@ -910,6 +914,14 @@ static int process_line(URLContext *h, char *line, int
> line_count,
> return AVERROR(ENOMEM);
> }
> }
> + if (s->nb_headers < MAX_HEADER_LINES) {
> + if (av_dict_get(s->headers_dict, tag, NULL, 0)) {
> + av_dict_set(&s->headers_dict, tag, ",", AV_DICT_APPEND);
> + av_dict_set(&s->headers_dict, tag, p, AV_DICT_APPEND);
> + } else
> + av_dict_set(&s->headers_dict, tag, p, 0);
> + s->nb_headers++;
> + }
Nit: the usual coding style for FFmpeg is to put braces on both the if
clause and the else clause if one of them needs them.
This version has a more severe problem: it stores everything sent by the
client without a limit if it is given in duplicated headers. A malicious
client could exhaust the server's memory by sending endless similar headers.
I strongly suggest to limit both the total number of different headers as
you already do and the (approximate) total size of the headers data.
> return 1;
> }
>
> @@ -1032,6 +1044,7 @@ static int http_read_header(URLContext *h, int
> *new_location)
> int err = 0;
>
> s->chunksize = -1;
> + s->nb_headers = 0;
>
> for (;;) {
> if ((err = http_get_line(s, line, sizeof(line))) < 0)
Note: I write this mail assuming you intend to continue working on the
project in your free time. Of course, whether you decide to or not does not
affect the outcome of the GsoC evaluation.
Regards,
--
Nicolas George
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
