ffmpeg/libavformat
Michael Niedermayer 189ff42196 avformat/hls: Check local file extensions
This reduces the attack surface of local file-system
information leaking.

It prevents the existing exploit leading to an information leak. As
well as similar hypothetical attacks.

Leaks of information from files and symlinks ending in common multimedia extensions
are still possible. But files with sensitive information like private keys and passwords
generally do not use common multimedia filename extensions.
It does not stop leaks via remote addresses in the LAN.

The existing exploit depends on a specific decoder as well.
It does appear though that the exploit should be possible with any decoder.
The problem is that as long as sensitive information gets into the decoder,
the output of the decoder becomes sensitive as well.
The only obvious solution is to prevent access to sensitive information. Or to
disable hls or possibly some of its features. More complex solutions like
checking the path to limit access to only subdirectories of the hls path may
work as an alternative. But such solutions are fragile and tricky to implement
portably and would not stop every possible attack nor would they work with all
valid hls files.

Developers have expressed their dislike / objected to disabling hls by default as well
as disabling hls with local files. There also were objections against restricting
remote url file extensions. This here is a less robust but also lower
inconvenience solution.
It can be applied stand alone or together with other solutions.
limiting the check to local files was suggested by nevcairiel

This recommits the security fix without the author name joke which was
originally requested by Nicolas.

Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu@google.com>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 13:55:01 +02:00
..
tests
.gitignore
3dostr.c
4xm.c
Makefile lavf: remove the libnut library wrapper 2017-05-29 20:15:58 +01:00
a64.c
aacdec.c avformat/aacdec: add a custom read_packet function 2017-06-04 11:52:02 -03:00
aadec.c
ac3dec.c
acm.c
act.c
adp.c
ads.c
adtsenc.c avcodec/adtsenc: check packet side data for AAC extradata updates 2017-05-24 20:28:00 -03:00
adxdec.c
aea.c
afc.c
aiff.h
aiffdec.c
aiffenc.c
aixdec.c
allformats.c lavf: remove the libnut library wrapper 2017-05-29 20:15:58 +01:00
amr.c
anm.c
apc.c
ape.c
apetag.c
apetag.h
apngdec.c
apngenc.c
aqtitledec.c
asf.c
asf.h
asfcrypt.c
asfcrypt.h
asfdec_f.c
asfdec_o.c
asfenc.c
assdec.c
assenc.c
ast.c
ast.h
astdec.c
astenc.c
async.c
au.c
audiointerleave.c
audiointerleave.h
avc.c
avc.h
avformat.h
avformatres.rc
avi.h
avidec.c avformat/avidec: Limit formats in gab2 to srt and ass/ssa 2017-05-31 02:32:42 +02:00
avienc.c
avio.c
avio.h Merge commit '3f75e5116b900f1428aa13041fc7d6301bf1988a' 2017-04-13 19:49:20 -03:00
avio_internal.h
aviobuf.c avformat/aviobuf: Only downscale the buffer once it has been used 2017-05-19 21:14:26 +02:00
avisynth.c
avlanguage.c
avlanguage.h
avr.c
avs.c
bethsoftvid.c
bfi.c
bink.c
bintext.c
bit.c
bluray.c
bmv.c
boadec.c
brstm.c
c93.c
cache.c
caf.c
caf.h
cafdec.c
cafenc.c
cavsvideodec.c
cdg.c
cdxl.c
chromaprint.c
cinedec.c
concat.c
concatdec.c lavf/concatdec: do not transfer custom IO flag 2017-05-22 16:55:30 +02:00
crcenc.c
crypto.c
cutils.c
dashenc.c Merge commit 'e519dcd937c7c98815ba9884867590e302272016' 2017-05-20 16:55:22 +02:00
data_uri.c
dauddec.c
daudenc.c
dcstr.c
dfa.c
diracdec.c
dnxhddec.c
dsfdec.c
dsicin.c
dss.c
dtsdec.c
dtshddec.c
dump.c
dv.c
dv.h
dvbsub.c
dvbtxt.c
dvenc.c
dxa.c
eacdata.c
electronicarts.c
epafdec.c
ffm.h
ffmdec.c
ffmenc.c
ffmeta.h
ffmetadec.c
ffmetaenc.c
fifo.c
file.c
file_open.c
filmstripdec.c
filmstripenc.c
flac_picture.c
flac_picture.h
flacdec.c
flacenc.c
flacenc.h
flacenc_header.c
flic.c
flv.h
flvdec.c
flvenc.c
format.c
framecrcenc.c
framehash.c
frmdec.c
fsb.c
ftp.c
g722.c
g723_1.c
g729dec.c
genh.c
gif.c
gifdec.c
golomb_tab.c
gopher.c
gsmdec.c
gxf.c
gxf.h
gxfenc.c
h261dec.c
h263dec.c
h264dec.c
hashenc.c
hdsenc.c
hevc.c
hevc.h
hevcdec.c
hls.c avformat/hls: Check local file extensions 2017-06-05 13:55:01 +02:00
hlsenc.c avformat/hlsenc: move old_filename free operation earlier 2017-05-11 10:15:08 +08:00
hlsproto.c
hnm.c
http.c libavformat/http: Ignore expired cookies 2017-05-01 17:55:22 +02:00
http.h
httpauth.c
httpauth.h
icecast.c
icodec.c
icoenc.c
id3v1.c
id3v1.h
id3v2.c avformat/id3v2: Use ffio_ensure_seekback() in id3v2_read_internal() 2017-05-19 21:14:26 +02:00
id3v2.h
id3v2enc.c
idcin.c
idroqdec.c
idroqenc.c
iff.c
ilbc.c
img2.c lavf/img2: Add svg and svgz to allow reading image sequences. 2017-05-22 01:09:21 +02:00
img2.h
img2_alias_pix.c
img2_brender_pix.c
img2dec.c lavf/img2: Add svg and svgz to allow reading image sequences. 2017-05-22 01:09:21 +02:00
img2enc.c
ingenientdec.c
internal.h
ipmovie.c
ircam.c
ircam.h
ircamdec.c
ircamenc.c
isom.c lavf/isom: Remove codec point for WMAv2 that has never worked. 2017-04-12 22:53:21 +02:00
isom.h avformat/mov: add support for reading Content Light Level Box 2017-05-27 16:14:24 -03:00
iss.c
iv8.c
ivfdec.c
ivfenc.c
jacosubdec.c
jacosubenc.c
jvdec.c
latmenc.c avformat/latmenc: check packet side data for AAC extradata updates 2017-05-24 20:28:00 -03:00
libavformat.v
libgme.c
libmodplug.c
libopenmpt.c
librtmp.c
libsmbclient.c
libssh.c
lmlm4.c
loasdec.c
log2_tab.c
lrc.c
lrc.h
lrcdec.c
lrcenc.c
lvfdec.c
lxfdec.c
m4vdec.c
matroska.c
matroska.h
matroskadec.c avformat/matroskadec: fix resource leak 2017-05-07 11:29:08 +08:00
matroskaenc.c avformat/matroskaenc: also write chapters when output is WebM 2017-06-02 20:44:53 -03:00
md5proto.c
metadata.c
metadata.h
mgsts.c
microdvddec.c
microdvdenc.c
mj2kdec.c
mkvtimestamp_v2.c
mlpdec.c
mlvdec.c
mm.c
mmf.c
mms.c
mms.h
mmsh.c
mmst.c
mov.c avformat/mov: add support for reading Content Light Level Box 2017-05-27 16:14:24 -03:00
mov_chan.c
mov_chan.h
movenc.c movenc: encryption with time code track fix 2017-05-28 03:05:59 +02:00
movenc.h
movenccenc.c
movenccenc.h
movenchint.c
mp3dec.c
mp3enc.c
mpc.c
mpc8.c
mpeg.c
mpeg.h
mpegenc.c
mpegts.c
mpegts.h
mpegtsenc.c
mpegvideodec.c
mpjpeg.c
mpjpegdec.c
mpl2dec.c
mpsubdec.c
msf.c
msnwc_tcp.c
mtaf.c
mtv.c
musx.c
mux.c avformat/mux: Fix copy an paste typo 2017-05-27 04:21:34 +02:00
mvdec.c
mvi.c
mxf.c
mxf.h
mxfdec.c
mxfenc.c
mxg.c
ncdec.c
network.c libavformat/tcp: fix return code for tcp_accept 2017-05-10 14:00:20 +02:00
network.h
nistspheredec.c
nsvdec.c
nullenc.c
nut.c
nut.h
nutdec.c lavf/nutdec: Fix an impossible condition, regression since e0c53c34. 2017-05-02 08:43:12 +02:00
nutenc.c
nuv.c
oggdec.c
oggdec.h
oggenc.c
oggparsecelt.c
oggparsedaala.c
oggparsedirac.c
oggparseflac.c
oggparseogm.c avformat/oggparseogm: Check ff_alloc_extradata() for failure 2017-04-11 21:28:26 +02:00
oggparseopus.c
oggparseskeleton.c
oggparsespeex.c
oggparsetheora.c
oggparsevorbis.c
oggparsevp8.c
oma.c
oma.h
omadec.c
omaenc.c
options.c avformat/options: log filename on open 2017-06-03 23:14:04 +02:00
options_table.h
os_support.c
os_support.h
paf.c
pcm.c
pcm.h
pcmdec.c
pcmenc.c
pjsdec.c
pmpdec.c
prompeg.c
protocols.c
psxstr.c
pva.c
pvfdec.c
qcp.c
qtpalette.c
qtpalette.h
r3d.c
rawdec.c
rawdec.h
rawenc.c
rawenc.h
rawutils.c
rawvideodec.c
rdt.c
rdt.h
realtextdec.c
redspark.c
replaygain.c
replaygain.h
riff.c lavf/riff: Support more vlc fourcc's for 12 and 16 bit yuv4xx. 2017-05-21 23:39:54 +02:00
riff.h
riffdec.c
riffenc.c
rl2.c
rm.c
rm.h
rmdec.c
rmenc.c
rmsipr.c
rmsipr.h
rpl.c
rsd.c
rso.c
rso.h
rsodec.c
rsoenc.c
rtmp.h
rtmpcrypt.c
rtmpcrypt.h
rtmpdh.c
rtmpdh.h
rtmphttp.c
rtmppkt.c Merge commit 'a4fec9a7eab842ea5eea1b1ee98624356cb31422' 2017-04-26 16:36:13 +02:00
rtmppkt.h
rtmpproto.c rtmpproto: send swfverify value as swfurl if latter is unused 2017-05-07 00:57:08 +02:00
rtp.c
rtp.h
rtpdec.c
rtpdec.h
rtpdec_ac3.c
rtpdec_amr.c
rtpdec_asf.c
rtpdec_dv.c
rtpdec_formats.h
rtpdec_g726.c
rtpdec_h261.c
rtpdec_h263.c
rtpdec_h263_rfc2190.c
rtpdec_h264.c
rtpdec_hevc.c
rtpdec_ilbc.c
rtpdec_jpeg.c
rtpdec_latm.c
rtpdec_mpa_robust.c
rtpdec_mpeg4.c
rtpdec_mpeg12.c
rtpdec_mpegts.c
rtpdec_qcelp.c
rtpdec_qdm2.c
rtpdec_qt.c
rtpdec_rfc4175.c
rtpdec_svq3.c
rtpdec_vc2hq.c
rtpdec_vp8.c
rtpdec_vp9.c
rtpdec_xiph.c
rtpenc.c
rtpenc.h
rtpenc_aac.c
rtpenc_amr.c
rtpenc_chain.c
rtpenc_chain.h
rtpenc_h261.c
rtpenc_h263.c
rtpenc_h263_rfc2190.c
rtpenc_h264_hevc.c
rtpenc_jpeg.c
rtpenc_latm.c
rtpenc_mpegts.c
rtpenc_mpv.c
rtpenc_vc2hq.c
rtpenc_vp8.c
rtpenc_vp9.c
rtpenc_xiph.c
rtpproto.c
rtpproto.h
rtsp.c
rtsp.h
rtspcodes.h
rtspdec.c
rtspenc.c
samidec.c
sapdec.c
sapenc.c
sauce.c
sauce.h
sbgdec.c
sccdec.c
sccenc.c
sctp.c
sdp.c
sdr2.c
sdsdec.c
sdxdec.c
segafilm.c
segment.c
shortendec.c
sierravmd.c
siff.c
smacker.c
smjpeg.c
smjpeg.h
smjpegdec.c
smjpegenc.c
smoothstreamingenc.c
smush.c
sol.c
sox.h
soxdec.c
soxenc.c
spdif.c
spdif.h
spdifdec.c
spdifenc.c
srtdec.c
srtenc.c
srtp.c
srtp.h
srtpproto.c
stldec.c
subfile.c
subtitles.c
subtitles.h
subviewer1dec.c
subviewerdec.c
supdec.c
svag.c
swf.c
swf.h
swfdec.c
swfenc.c
takdec.c
tcp.c libavformat/tcp: fix return code for tcp_accept 2017-05-10 14:00:20 +02:00
tedcaptionsdec.c
tee.c
tee_common.c
tee_common.h
teeproto.c
thp.c
tiertexseq.c
tls.c
tls.h
tls_gnutls.c
tls_openssl.c
tls_schannel.c avformat/tls_schannel: log unknown error codes 2017-05-31 12:07:43 +02:00
tls_securetransport.c
tmv.c
tta.c
ttaenc.c
tty.c
txd.c
udp.c
uncodedframecrcenc.c avformat: do not use AVFrame accessor 2017-04-23 14:30:53 +07:00
unix.c
url.c
url.h
urldecode.c
urldecode.h
utils.c avformat/utils: change bitrate to int64_t in av_find_best_stream 2017-06-04 15:02:53 +02:00
v210.c
vag.c
vc1dec.c
vc1test.c
vc1testenc.c
version.h Merge commit '3f75e5116b900f1428aa13041fc7d6301bf1988a' 2017-04-13 19:49:20 -03:00
vivo.c
voc.c
voc.h
voc_packet.c
vocdec.c
vocenc.c
vorbiscomment.c
vorbiscomment.h
vpcc.c movenc/isom: update vpcC box to version 1.0 of the specification 2017-05-16 01:53:05 +02:00
vpcc.h
vpk.c
vplayerdec.c
vqf.c
w64.c
w64.h
wavdec.c avformat/wavdec: Check chunk_size 2017-05-10 15:21:17 +02:00
wavenc.c
wc3movie.c
webm_chunk.c
webmdashenc.c avformat/webmdashenc: Validate the 'streams' adaptation sets parameter 2017-04-20 18:07:32 +02:00
webpenc.c
webvttdec.c
webvttenc.c
westwood_aud.c
westwood_vqa.c
wsddec.c
wtv.h
wtv_common.c
wtvdec.c
wtvenc.c
wv.c
wv.h
wvdec.c
wvedec.c
wvenc.c
xa.c
xmv.c
xvag.c
xwma.c
yop.c
yuv4mpeg.h
yuv4mpegdec.c
yuv4mpegenc.c