[FFmpeg-devel] [RFC] Getting options from the file name
Nicolas George
nicolas.george at normalesup.org
Thu Dec 29 18:34:20 CET 2011
On nonidi 9 Nivôse, year CCXX, Reimar Döffinger wrote:
> Wait, where do you intend to parse this?
My idea was near the top of avcodec_open_input, and only if no dictionary is
already supplied.
> If in general, I am very sceptical about this, with the load of options
> that exist I see a serious chance that this will open exploitable issues
> in applications that read playlists from some (non-trustworthy) remote
> location and pass those directly into ffmpeg/libavformat/...
> Even if they are of the more thorough kind and do some basic validation
> of the URLs they might not catch this new syntax.
What kind of exploit do you have in mind? Demuxers and decoders do not have
a lot of options, in fact, and most of them are there to set the sample rate
or the frame size, or tweak some coefficients.
Security-wise, the risks are IMHO:
- Being able to specify a network protocol: I do not intend to change that;
in fact, quite the contrary, I want the option syntax to look really like
a protocol.
- Being able to set some protocol options (doing an HTTP POST): this is
already possible.
- Being able to access some hardware device: I am not sure, maybe a concern.
OTOH, changing demuxer or decoder options should really not be a problem. Or
else, the problem could probably also be triggered by a specially crafted
file.
Regards,
--
Nicolas George