Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-29 Thread Andreas Cadhalpun
On 28.01.2016 20:16, Nicolas George wrote: > Well, since we are sure there are more information leak issues in this area > of code, we can still discuss a proper fix before the next one becomes > public. > > A few unsorted thoughts about it: > > - Restrictions can not be limited to just the proto

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-28 Thread Nicolas George
On Octidi 8 Pluviôse, year CCXXIV, Michael Niedermayer wrote: > a fix, good or not that isn't implemented is useless > > I am not really attracted to the design you suggest, to me it's worse > in several ways but above all it's a lot more work. So I don't volunteer > > to elaborate and avoid misuderst

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-27 Thread Michael Niedermayer
On Wed, Jan 27, 2016 at 02:04:06PM +0100, Michael Niedermayer wrote: > On Sun, Jan 24, 2016 at 07:39:18PM +0100, Nicolas George wrote: > > On Quintidi 5 Pluviôse, year CCXXIV, Michael Niedermayer wrote: [...] > > > > > another problem of the struct is that depending on from which lib > > > the pr

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-27 Thread Michael Niedermayer
On Sun, Jan 24, 2016 at 07:39:18PM +0100, Nicolas George wrote: > On Quintidi 5 Pluviôse, year CCXXIV, Michael Niedermayer wrote: > > the argument is added, not out of strict need, (there already is a > > AVDictionary that can be used) but to make it clear that the author > > set the whitelist cor

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-25 Thread Andreas Cadhalpun
On 24.01.2016 21:32, Nicolas George wrote: > On Quintidi 5 Pluviôse, year CCXXIV, Andreas Cadhalpun wrote: >> No. It would have prevented the issue with hls. > > Reacting to known attacks by ad-hoc hole-plugging is no way of building > proper security. The ad-hoc fix was the change done in the h

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-24 Thread Nicolas George
On Quintidi 5 Pluviôse, year CCXXIV, Andreas Cadhalpun wrote: > No. It would have prevented the issue with hls. Reacting to known attacks by ad-hoc hole-plugging is no way of building proper security. > But it's usually only used with local files. I do not know that. Do you? > Why not? Becaus

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-24 Thread Andreas Cadhalpun
On 24.01.2016 20:20, Nicolas George wrote: > On Quintidi 5 Pluviôse, year CCXXIV, Andreas Cadhalpun wrote: >> The idea is to classify protocols as local (file, concat) or remote (http, >> tcp). > > I am sorry, but this is completely broken. No. It would have prevented the issue with hls. > Fir

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-24 Thread Nicolas George
On Quintidi 5 Pluviôse, year CCXXIV, Andreas Cadhalpun wrote: > The idea is to classify protocols as local (file, concat) or remote (http, > tcp). I am sorry, but this is completely broken. First, concat is not local. Second, local/remote is not a relevant distinction for security. Any design m

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-24 Thread Andreas Cadhalpun
On 24.01.2016 16:03, Michael Niedermayer wrote: > On Sun, Jan 24, 2016 at 03:37:24PM +0100, Andreas Cadhalpun wrote: >> On 24.01.2016 03:42, Michael Niedermayer wrote: >>> From: Michael Niedermayer >>> diff --git a/libavformat/avformat.h b/libavformat/avformat.h >>> index 4964263..2fb9130 100644 >

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-24 Thread Nicolas George
On Quintidi 5 Pluviôse, year CCXXIV, Michael Niedermayer wrote: > the argument is added, not out of strict need, (there already is a > AVDictionary that can be used) but to make it clear that the author > set the whitelist correctly. Also it simplifies the code compared > to using the AVDictionary

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-24 Thread Michael Niedermayer
On Sun, Jan 24, 2016 at 04:03:40PM +0100, Michael Niedermayer wrote: > On Sun, Jan 24, 2016 at 03:37:24PM +0100, Andreas Cadhalpun wrote: > > On 24.01.2016 03:42, Michael Niedermayer wrote: [...] > > > if ((ret = av_opt_set_dict(*puc, options)) < 0) > > > goto fail; > > > + > > > +

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-24 Thread Michael Niedermayer
On Sun, Jan 24, 2016 at 03:37:24PM +0100, Andreas Cadhalpun wrote: > On 24.01.2016 03:42, Michael Niedermayer wrote: > > From: Michael Niedermayer > > > > TODO: Docs > > TODO: version bump > > > > Note to maintainers: update tools > > > > Note, testing and checking for missing changes is needed

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-24 Thread Andreas Cadhalpun
On 24.01.2016 03:42, Michael Niedermayer wrote: > From: Michael Niedermayer > > TODO: Docs > TODO: version bump > > Note to maintainers: update tools > > Note, testing and checking for missing changes is needed > > Signed-off-by: Michael Niedermayer > --- > ffmpeg_opt.c

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-24 Thread Michael Niedermayer
On Sun, Jan 24, 2016 at 01:56:51PM +0100, Nicolas George wrote: > On Quintidi 5 Pluviôse, year CCXXIV, Clement Boesch wrote: > > Why not an entry in the AVDictionary options? > > That could be a short-term solution to avoid introducing a new API with > ad-hoc parameters, but AVDictionary is still

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-24 Thread Michael Niedermayer
On Sun, Jan 24, 2016 at 12:47:59PM +0100, Nicolas George wrote: > On Quintidi 5 Pluviôse, year CCXXIV, Michael Niedermayer wrote: > > --- a/libavformat/avio.h > > +++ b/libavformat/avio.h > > @@ -595,6 +595,10 @@ int avio_open(AVIOContext **s, const char *url, int > > flags); > > int avio_open2(

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-24 Thread Clément Bœsch
On Sun, Jan 24, 2016 at 01:57:05PM +0100, wm4 wrote: > On Sun, 24 Jan 2016 13:43:40 +0100 > Clément Bœsch wrote: > > > On Sun, Jan 24, 2016 at 12:47:59PM +0100, Nicolas George wrote: > > > On Quintidi 5 Pluviôse, year CCXXIV, Michael Niedermayer wrote: > > > > --- a/libavformat/avio.h > > > >

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-24 Thread Nicolas George
On Quintidi 5 Pluviôse, year CCXXIV, Clement Boesch wrote: > Why not an entry in the AVDictionary options? That could be a short-term solution to avoid introducing a new API with ad-hoc parameters, but AVDictionary is still based on strings exclusively, that is very unpractical for applications.

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-24 Thread wm4
On Sun, 24 Jan 2016 13:43:40 +0100 Clément Bœsch wrote: > On Sun, Jan 24, 2016 at 12:47:59PM +0100, Nicolas George wrote: > > On Quintidi 5 Pluviôse, year CCXXIV, Michael Niedermayer wrote: > > > --- a/libavformat/avio.h > > > +++ b/libavformat/avio.h > > > @@ -595,6 +595,10 @@ int avio_open(A

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-24 Thread wm4
On Sun, 24 Jan 2016 12:47:59 +0100 Nicolas George wrote: > On Quintidi 5 Pluviôse, year CCXXIV, Michael Niedermayer wrote: > > --- a/libavformat/avio.h > > +++ b/libavformat/avio.h > > @@ -595,6 +595,10 @@ int avio_open(AVIOContext **s, const char *url, int > > flags); > > int avio_open2(AVIOC

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-24 Thread Clément Bœsch
On Sun, Jan 24, 2016 at 12:47:59PM +0100, Nicolas George wrote: > On Quintidi 5 Pluviôse, year CCXXIV, Michael Niedermayer wrote: > > --- a/libavformat/avio.h > > +++ b/libavformat/avio.h > > @@ -595,6 +595,10 @@ int avio_open(AVIOContext **s, const char *url, int > > flags); > > int avio_open2(

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-24 Thread Nicolas George
On Quintidi 5 Pluviôse, year CCXXIV, Michael Niedermayer wrote: > --- a/libavformat/avio.h > +++ b/libavformat/avio.h > @@ -595,6 +595,10 @@ int avio_open(AVIOContext **s, const char *url, int > flags); > int avio_open2(AVIOContext **s, const char *url, int flags, > const AVIOInt

Re: [FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-23 Thread James Almer
On 1/23/2016 11:42 PM, Michael Niedermayer wrote: > diff --git a/libavformat/avio.h b/libavformat/avio.h > index c3c0b73..26c39b2 100644 > --- a/libavformat/avio.h > +++ b/libavformat/avio.h > @@ -595,6 +595,10 @@ int avio_open(AVIOContext **s, const char *url, int > flags); > int avio_open2(AVIO

[FFmpeg-devel] [PATCH 2/2] avformat: add protocol_whitelist

2016-01-23 Thread Michael Niedermayer
From: Michael Niedermayer TODO: Docs TODO: version bump Note to maintainers: update tools Note, testing and checking for missing changes is needed Signed-off-by: Michael Niedermayer --- ffmpeg_opt.c |4 ++-- libavdevice/lavfi.c |2 +- libavformat/as