[FFmpeg-cvslog] r21925 - trunk/libavformat/mov.c

michael subversion
Sat Feb 20 23:48:09 CET 2010


Author: michael
Date: Sat Feb 20 23:48:09 2010
New Revision: 21925

Log:
Do not attempt to open references through absolute paths.
This would allow an attacker to test remotely if a local file exists.

Modified:
   trunk/libavformat/mov.c

Modified: trunk/libavformat/mov.c
==============================================================================
--- trunk/libavformat/mov.c	Sat Feb 20 21:13:48 2010	(r21924)
+++ trunk/libavformat/mov.c	Sat Feb 20 23:48:09 2010	(r21925)
@@ -1556,11 +1556,8 @@ static void mov_build_index(MOVContext *
 
 static int mov_open_dref(ByteIOContext **pb, char *src, MOVDref *ref)
 {
-    /* try absolute path */
-    if (!url_fopen(pb, ref->path, URL_RDONLY))
-        return 0;
-
-    /* try relative path */
+    /* try relative path, we do not try the absolute because it can leak information about our
+       system to an attacker */
     if (ref->nlvl_to > 0 && ref->nlvl_from > 0) {
         char filename[1024];
         char *src_path;
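Review bot: the relative branch that remains under the new comment is still driven by ref->path, ref->nlvl_to and ref->nlvl_from, the same reference data the log message treats as attacker-influenced, and the only visible guard is that both level counts are positive. The rest of the branch is not shown in this hunk, so it is worth confirming there that the name assembled into filename[1024] cannot resolve outside the directory of src and that the copy into the fixed-size buffer is bounded; if not, the file-existence check this commit removes for absolute paths may still be reachable through a relative reference. Separately, files that depended on an absolute reference now fail to open with no indication why, so a log message at the point where the absolute attempt used to be would help users diagnose it. Minor style point: the first line of the new comment runs past 80 columns and could be wrapped.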


