[FFmpeg-devel] [PATCH v2 1/2] avformat/url: check double dot is not to parent directory
Nicolas George
george at nsup.org
Sat Jul 25 11:31:38 EEST 2020
Steven Liu (12020-07-25):
> fix ticket: 8814
> if get ".." in the url, check next byte and lead byte by double dot,
> it there have no '/' and not root node, it is not used go to directory ".."
>
> Signed-off-by: Steven Liu <lq at chinaffmpeg.org>
> ---
> libavformat/url.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/libavformat/url.c b/libavformat/url.c
> index 20463a6674..35f27fe3ca 100644
> --- a/libavformat/url.c
> +++ b/libavformat/url.c
> @@ -97,6 +97,18 @@ static void trim_double_dot_url(char *buf, const char *rel, int size)
> /* set new current position if the root node is changed */
> p = root;
> while (p && (node = strstr(p, ".."))) {
> + if (strlen(node) > 2 && node[2] != '/') {
I have not yet looked at the whole patch, but this strlen() test is
useless.
And I think you would better rework the complete logic of the test:
strstring ".." is a broken method.
> + node = strstr(node + 1, "..");
> + if (!node)
> + break;
> + }
> +
> + if (p != node && p[node - p - 1] != '/') {
> + node = strstr(node + 1, "..");
> + if (!node)
> + break;
> + }
> +
> av_strlcat(tmp_path, p, node - p + strlen(tmp_path));
> p = node + 3;
> sep = strrchr(tmp_path, '/');
Regards,
--
Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20200725/a0836596/attachment.sig>
More information about the ffmpeg-devel
mailing list