[FFmpeg-devel] [PATCH v3] avformat/url: check url root node when rel include double dot
Steven Liu
lq at chinaffmpeg.org
Mon Apr 27 14:16:54 EEST 2020
> 2020年4月27日 下午7:14,Nicolas George <george at nsup.org> 写道:
>
> Steven Liu (12020-04-27):
>> fix ticket: 8625
>> and add testcase into url for double dot corner case
>>
>> Signed-off-by: Steven Liu <liuqi05 at kuaishou.com>
>> ---
>> libavformat/tests/url.c | 3 +++
>> libavformat/url.c | 21 +++++++++++++++++++--
>> tests/ref/fate/url | 3 +++
>> 3 files changed, 25 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavformat/tests/url.c b/libavformat/tests/url.c
>> index 5e484fd428..02d0d59aa8 100644
>> --- a/libavformat/tests/url.c
>> +++ b/libavformat/tests/url.c
>> @@ -56,6 +56,7 @@ int main(void)
>> test("/foo/bar", "baz");
>> test("/foo/bar", "../baz");
>> test("/foo/bar", "/baz");
>> + test("/foo/bar", "../../../baz");
>> test("http://server/foo/", "baz");
>> test("http://server/foo/bar", "baz");
>> test("http://server/foo/", "../baz");
>> @@ -65,6 +66,8 @@ int main(void)
>> test("http://server/foo/bar?param=value/with/slashes", "/baz");
>> test("http://server/foo/bar?param&otherparam", "?someparam");
>> test("http://server/foo/bar", "//other/url");
>> + test("http://server/foo/bar", "../../../../../other/url");
>> + test("http://server/foo/bar", "/../../../../../other/url");
>>
>> printf("\nTesting av_url_split:\n");
>> test2("/foo/bar");
>> diff --git a/libavformat/url.c b/libavformat/url.c
>> index 596fb49cfc..0aa50ab9a7 100644
>> --- a/libavformat/url.c
>> +++ b/libavformat/url.c
>> @@ -81,6 +81,7 @@ void ff_make_absolute_url(char *buf, int size, const char *base,
>> const char *rel)
>> {
>> char *sep, *path_query;
>> + char *root, *p;
>> /* Absolute path, relative to the current server */
>> if (base && strstr(base, "://") && rel[0] == '/') {
>> if (base != buf)
>> @@ -120,16 +121,32 @@ void ff_make_absolute_url(char *buf, int size, const char *base,
>> return;
>> }
>>
>> + root = p = buf;
>> + /* Get the path root of the url which start by "://" */
>> + if (p && strstr(p, "://")) {
>> + sep = strstr(p, "://");
>> + if (sep) {
>> + sep += 3;
>> + root = strchr(sep, '/');
>> + }
>> + }
>> +
>> /* Remove the file name from the base url */
>> sep = strrchr(buf, '/');
>> + if (sep <= root)
>> + sep = root;
>> +
>> if (sep)
>> sep[1] = '\0';
>> else
>> buf[0] = '\0';
>> while (av_strstart(rel, "../", NULL) && sep) {
>> /* Remove the path delimiter at the end */
>> - sep[0] = '\0';
>> - sep = strrchr(buf, '/');
>> + if (sep > root) {
>> + sep[0] = '\0';
>> + sep = strrchr(buf, '/');
>> + }
>> +
>> /* If the next directory name to pop off is "..", break here */
>> if (!strcmp(sep ? &sep[1] : buf, "..")) {
>> /* Readd the slash we just removed */
>> diff --git a/tests/ref/fate/url b/tests/ref/fate/url
>> index 980b2ce1f9..c8260a97be 100644
>> --- a/tests/ref/fate/url
>> +++ b/tests/ref/fate/url
>> @@ -3,6 +3,7 @@ Testing ff_make_absolute_url:
>> /foo/bar baz => /foo/baz
>> /foo/bar ../baz => /baz
>> /foo/bar /baz => /baz
>> + /foo/bar ../../../baz => /baz
>> http://server/foo/ baz => http://server/foo/baz
>> http://server/foo/bar baz => http://server/foo/baz
>> http://server/foo/ ../baz => http://server/baz
>> @@ -12,6 +13,8 @@ Testing ff_make_absolute_url:
>> http://server/foo/bar?param=value/with/slashes /baz => http://server/baz
>> http://server/foo/bar?param&otherparam ?someparam => http://server/foo/bar?someparam
>> http://server/foo/bar //other/url => http://other/url
>> + http://server/foo/bar ../../../../../other/url => http://server/other/url
>
>> + http://server/foo/bar /../../../../../other/url => http://server/../../../../../other/url
>
> Is this supposed to be the proper result?
/../../../../../other/url, this is the absolute path, so just concat and don’t process,
Or what do you want to say?
>
>>
>> Testing av_url_split:
>> /foo/bar => -1 /foo/bar
>
> Regards,
>
> --
> Nicolas George
Thanks
Steven Liu
More information about the ffmpeg-devel
mailing list