[FFmpeg-devel] [RFC] Getting options from the file name

Nicolas George nicolas.george at normalesup.org
Thu Dec 29 18:34:20 CET 2011


On nonidi 9 Nivôse, year CCXX, Reimar Döffinger wrote:
> Wait, where do you intend to parse this?

My idea was near the top of avcodec_open_input, and only if no dictionary is
already supplied.

> In general I am very sceptical about this, with the load of options
> that exist I see a serious chance that this will open exploitable issues
> in applications that read playlists from some (non-trustworthy) remote
> location and pass those directly into ffmpeg/libavformat/...
> Even if they are of the more thorough kind and do some basic validation
> of the URLs they might not catch this new syntax.

What kind of exploit do you have in mind? Demuxers and decoders do not have
a lot of options, in fact, and most of them are there to set the sample rate
or the frame size, or tweak some coefficients.

Security-wise, the risks are IMHO:

- Being able to specify a network protocol: I do not intend to change that;
  in fact, quite the contrary, I want the option syntax to look really like
  a protocol.

- Being able to set some protocol options (doing an HTTP POST): this is
  already possible.

- Being able to access some hardware device: I am not sure, maybe a concern.

OTOH, changing demuxer or decoder options should really not be a problem. Or
else, the problem could probably also be triggered by a specially crafted
file.

Regards,

-- 
  Nicolas George
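
The concern in the quoted text, an application handing untrusted playlist entries to libavformat after validation that misses a new prefix syntax, is avoided when the application checks entries against a scheme allowlist instead of a list of known-bad prefixes. The following is an added example, not part of the original message or of FFmpeg; the function name `check_playlist_entry` and the http/https-only policy are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed application policy: remote playlist entries may only use these schemes. */
static const char *const allowed_schemes[] = { "http", "https" };

enum entry_verdict { ENTRY_OK = 0, ENTRY_NO_SCHEME, ENTRY_BAD_SCHEME, ENTRY_BAD_CHAR };

/* Length of an RFC 3986 scheme at the start of s (without ':'), or 0 if none. */
static size_t scheme_len(const char *s)
{
    size_t i = 0;
    if (!isalpha((unsigned char)s[0]))
        return 0;
    while (isalnum((unsigned char)s[i]) || s[i] == '+' || s[i] == '-' || s[i] == '.')
        i++;
    return s[i] == ':' ? i : 0;
}

/* Case-insensitive compare of the first n bytes of s with the whole of name. */
static int scheme_is(const char *s, size_t n, const char *name)
{
    size_t i;
    if (strlen(name) != n)
        return 0;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != name[i])
            return 0;
    return 1;
}

/* Decide whether one playlist entry may be handed to the media library. */
enum entry_verdict check_playlist_entry(const char *entry)
{
    size_t i, n;
    for (i = 0; entry[i]; i++)          /* no control bytes or spaces in a URL */
        if ((unsigned char)entry[i] <= 0x20 || entry[i] == 0x7f)
            return ENTRY_BAD_CHAR;
    n = scheme_len(entry);
    if (n == 0)
        return ENTRY_NO_SCHEME;         /* bare path or device node: reject */
    for (i = 0; i < sizeof(allowed_schemes) / sizeof(allowed_schemes[0]); i++)
        if (scheme_is(entry, n, allowed_schemes[i]))   /* must be "scheme://" */
            return strncmp(entry + n, "://", 3) == 0 ? ENTRY_OK : ENTRY_BAD_SCHEME;
    return ENTRY_BAD_SCHEME;            /* unknown prefix, including any new syntax */
}
```

Because the check accepts only what is listed, a prefix syntax introduced later is rejected without the application having to know about it.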