RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2024-12-14 11:14:44 +00:00
Code Issues Projects Releases Wiki Activity

Do not attempt to open references through absolute pathes.

Browse Source 
This would allow an attacker to test remotely if a local file exists.

Originally committed as revision 21925 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Michael Niedermayer 2010-02-20 22:48:09 +00:00
parent e4a35244fa
commit 6a2459059e
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libavformat/mov.c
View File

@ -1556,11 +1556,8 @@ static void mov_build_index(MOVContext *mov, AVStream *st)
static int mov_open_dref(ByteIOContext **pb, char *src, MOVDref *ref) static int mov_open_dref(ByteIOContext **pb, char *src, MOVDref *ref)
{ {
/* try absolute path */ /* try relative path, we do not try the absolute because it can leak information about our
if (!url_fopen(pb, ref->path, URL_RDONLY)) system to an attacker */
return 0;
/* try relative path */
if (ref->nlvl_to > 0 && ref->nlvl_from > 0) { if (ref->nlvl_to > 0 && ref->nlvl_from > 0) {
char filename[1024]; char filename[1024];
char *src_path; char *src_path;