[FFmpeg-cvslog] avformat/url: check url root node when rel include double dot and trim double dot
Steven Liu
git at videolan.org
Wed May 6 07:01:50 EEST 2020
ffmpeg | branch: master | Steven Liu <lq at chinaffmpeg.org> | Wed Apr 29 12:50:57 2020 +0800| [648051f07cffd0d91c89dc6706e3d0d6a286de43] | committer: Steven Liu
avformat/url: check url root node when rel include double dot and trim double dot
fix ticket: 8625
and add testcase into url for double dot corner case
Signed-off-by: Steven Liu <lq at chinaffmpeg.org>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=648051f07cffd0d91c89dc6706e3d0d6a286de43
---
libavformat/tests/url.c | 5 ++++
libavformat/url.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++---
tests/ref/fate/url | 5 ++++
3 files changed, 83 insertions(+), 4 deletions(-)
diff --git a/libavformat/tests/url.c b/libavformat/tests/url.c
index 5e484fd428..1d961a1b43 100644
--- a/libavformat/tests/url.c
+++ b/libavformat/tests/url.c
@@ -56,6 +56,7 @@ int main(void)
test("/foo/bar", "baz");
test("/foo/bar", "../baz");
test("/foo/bar", "/baz");
+ test("/foo/bar", "../../../baz");
test("http://server/foo/", "baz");
test("http://server/foo/bar", "baz");
test("http://server/foo/", "../baz");
@@ -65,6 +66,10 @@ int main(void)
test("http://server/foo/bar?param=value/with/slashes", "/baz");
test("http://server/foo/bar?param&otherparam", "?someparam");
test("http://server/foo/bar", "//other/url");
+ test("http://server/foo/bar", "../../../../../other/url");
+ test("http://server/foo/bar", "/../../../../../other/url");
+ test("http://server/foo/bar", "/test/../../../../../other/url");
+ test("http://server/foo/bar", "/test/../../test/../../../other/url");
printf("\nTesting av_url_split:\n");
test2("/foo/bar");
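Review bot: The added cases only exercise well-formed "../" segments, so the inputs most likely to trip the new trimming code are not covered: a relative part that ends in "..", a name that merely contains two dots, and a base with no path after the host. Adding, for example, `test("http://server/foo/bar", "..");`, `test("http://server/foo/bar", "a..b");` and `test("http://server", "../baz");`, with matching lines in tests/ref/fate/url, would pin that behaviour. main() continues outside this hunk.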
diff --git a/libavformat/url.c b/libavformat/url.c
index 596fb49cfc..7cd9e0c705 100644
--- a/libavformat/url.c
+++ b/libavformat/url.c
@@ -21,6 +21,7 @@
#include "avformat.h"
+#include "internal.h"
#include "config.h"
#include "url.h"
#if CONFIG_NETWORK
@@ -77,10 +78,53 @@ int ff_url_join(char *str, int size, const char *proto,
return strlen(str);
}
+static void trim_double_dot_url(char *buf, const char *rel, int size)
+{
+ const char *p = rel;
+ const char *root = rel;
+ char tmp_path[MAX_URL_SIZE] = {0, };
+ char *sep;
+ char *node;
+
+ /* Get the path root of the url which start by "://" */
+ if (p && (sep = strstr(p, "://"))) {
+ sep += 3;
+ root = strchr(sep, '/');
+ }
+
+ /* set new current position if the root node is changed */
+ p = root;
+ while (p && (node = strstr(p, ".."))) {
+ av_strlcat(tmp_path, p, node - p + strlen(tmp_path));
+ p = node + 3;
+ sep = strrchr(tmp_path, '/');
+ if (sep)
+ sep[0] = '\0';
+ else
+ tmp_path[0] = '\0';
+ }
+
+ if (!av_stristart(p, "/", NULL) && root != rel)
+ av_strlcat(tmp_path, "/", size);
+
+ av_strlcat(tmp_path, p, size);
+ /* start set buf after temp path process. */
+ av_strlcpy(buf, rel, root - rel + 1);
+
+ if (!av_stristart(tmp_path, "/", NULL) && root != rel)
+ av_strlcat(buf, "/", size);
+
+ av_strlcat(buf, tmp_path, size);
+}
+
void ff_make_absolute_url(char *buf, int size, const char *base,
const char *rel)
{
char *sep, *path_query;
+ char *root, *p;
+ char tmp_path[MAX_URL_SIZE];
+
+ memset(tmp_path, 0, sizeof(tmp_path));
/* Absolute path, relative to the current server */
if (base && strstr(base, "://") && rel[0] == '/') {
if (base != buf)
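Review bot: In trim_double_dot_url the writes into `tmp_path` are bounded by the caller's `size` and by `node - p + strlen(tmp_path)`, not by `sizeof(tmp_path)`, so a `rel` longer than MAX_URL_SIZE, or a caller buffer larger than MAX_URL_SIZE, can write past the end of this stack array; `av_strlcpy(buf, rel, root - rel + 1)` likewise ignores `size`. Two further reads look unsafe: `root` is NULL when the URL has no '/' after the authority and is then passed to av_stristart and used in `root - rel + 1`, and `p = node + 3` steps past the terminator when the string ends in "..". The sketch below bounds every write by the real destination size, returns the input untrimmed when it has no path or does not fit, and skips the separator only when it is present. ff_make_absolute_url's body continues outside this hunk.

```c
        root = strchr(sep, '/');
        if (!root) {
            /* authority with no path: there is nothing to trim */
            av_strlcpy(buf, rel, size);
            return;
        }
    /* … unchanged: p = root … */
    while (p && (node = strstr(p, ".."))) {
        size_t used = strlen(tmp_path);

        /* tmp_path holds MAX_URL_SIZE bytes whatever size the caller passed */
        if ((size_t)(node - p) + used > sizeof(tmp_path)) {
            av_strlcpy(buf, rel, size);
            return;
        }
        av_strlcat(tmp_path, p, node - p + used);
        /* step over "..", and over the separator only when it is there */
        p = node + 2;
        if (*p == '/')
            p++;
        /* … unchanged: drop the last path segment from tmp_path … */
    }

    if (!av_stristart(p, "/", NULL) && root != rel)
        av_strlcat(tmp_path, "/", sizeof(tmp_path));

    av_strlcat(tmp_path, p, sizeof(tmp_path));
    /* the prefix copy must not exceed the caller's buffer either */
    av_strlcpy(buf, rel, FFMIN(root - rel + 1, size));
    /* … unchanged: append "/" and tmp_path to buf … */
```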
@@ -99,11 +143,14 @@ void ff_make_absolute_url(char *buf, int size, const char *base,
}
}
av_strlcat(buf, rel, size);
+ trim_double_dot_url(tmp_path, buf, size);
+ memset(buf, 0, size);
+ av_strlcpy(buf, tmp_path, size);
return;
}
/* If rel actually is an absolute url, just copy it */
if (!base || strstr(rel, "://") || rel[0] == '/') {
- av_strlcpy(buf, rel, size);
+ trim_double_dot_url(buf, rel, size);
return;
}
if (base != buf)
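Review bot: The call `trim_double_dot_url(tmp_path, buf, size)` passes the caller's `size` as the limit for the local `tmp_path`, which is always MAX_URL_SIZE bytes, so the helper's final `av_strlcat(buf, tmp_path, size)` can run past that array whenever `size` is larger. Passing the destination's own size, `trim_double_dot_url(tmp_path, buf, sizeof(tmp_path));`, ties the limit to the array, and the following `av_strlcpy(buf, tmp_path, size)` already truncates to the caller's buffer. The same call appears in the `rel[0] == '?'` branch and at the end of the function in the later hunks. ff_make_absolute_url starts before and ends after this hunk.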
@@ -117,19 +164,38 @@ void ff_make_absolute_url(char *buf, int size, const char *base,
/* Is relative path just a new query part? */
if (rel[0] == '?') {
av_strlcat(buf, rel, size);
+ trim_double_dot_url(tmp_path, buf, size);
+ memset(buf, 0, size);
+ av_strlcpy(buf, tmp_path, size);
return;
}
+ root = p = buf;
+ /* Get the path root of the url which start by "://" */
+ if (p && strstr(p, "://")) {
+ sep = strstr(p, "://");
+ if (sep) {
+ sep += 3;
+ root = strchr(sep, '/');
+ }
+ }
+
/* Remove the file name from the base url */
sep = strrchr(buf, '/');
+ if (sep <= root)
+ sep = root;
+
if (sep)
sep[1] = '\0';
else
buf[0] = '\0';
- while (av_strstart(rel, "../", NULL) && sep) {
+ while (av_strstart(rel, "..", NULL) && sep) {
/* Remove the path delimiter at the end */
- sep[0] = '\0';
- sep = strrchr(buf, '/');
+ if (sep > root) {
+ sep[0] = '\0';
+ sep = strrchr(buf, '/');
+ }
+
/* If the next directory name to pop off is "..", break here */
if (!strcmp(sep ? &sep[1] : buf, "..")) {
/* Readd the slash we just removed */
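Review bot: The relaxed loop test `av_strstart(rel, "..", NULL)` now also matches a bare ".." and names that merely begin with two dots, while the loop still advances with `rel += 3` (visible as context in the next hunk); that can step past the terminator for ".." and drop the first character of a name such as "..name". Matching the segment explicitly, `while ((av_strstart(rel, "../", NULL) || !strcmp(rel, "..")) && sep) {`, and advancing with `rel += rel[2] ? 3 : 2;` keeps the pointer inside the string. `root` can also be NULL here when the base has no '/' after the authority, which leaves the `sep <= root` and `sep > root` comparisons without a meaningful lower bound, so a NULL check before them would help. The loop body continues outside this hunk.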
@@ -144,6 +210,9 @@ void ff_make_absolute_url(char *buf, int size, const char *base,
rel += 3;
}
av_strlcat(buf, rel, size);
+ trim_double_dot_url(tmp_path, buf, size);
+ memset(buf, 0, size);
+ av_strlcpy(buf, tmp_path, size);
}
AVIODirEntry *ff_alloc_dir_entry(void)
diff --git a/tests/ref/fate/url b/tests/ref/fate/url
index 980b2ce1f9..533ba2cb1e 100644
--- a/tests/ref/fate/url
+++ b/tests/ref/fate/url
@@ -3,6 +3,7 @@ Testing ff_make_absolute_url:
/foo/bar baz => /foo/baz
/foo/bar ../baz => /baz
/foo/bar /baz => /baz
+ /foo/bar ../../../baz => /baz
http://server/foo/ baz => http://server/foo/baz
http://server/foo/bar baz => http://server/foo/baz
http://server/foo/ ../baz => http://server/baz
@@ -12,6 +13,10 @@ Testing ff_make_absolute_url:
http://server/foo/bar?param=value/with/slashes /baz => http://server/baz
http://server/foo/bar?param&otherparam ?someparam => http://server/foo/bar?someparam
http://server/foo/bar //other/url => http://other/url
+ http://server/foo/bar ../../../../../other/url => http://server/other/url
+ http://server/foo/bar /../../../../../other/url => http://server/other/url
+ http://server/foo/bar /test/../../../../../other/url => http://server/other/url
+ http://server/foo/bar /test/../../test/../../../other/url => http://server/other/url
Testing av_url_split:
/foo/bar => -1 /foo/bar