• Michael Niedermayer's avatar
    avformat/hls: Check local file extensions · 189ff421
    Michael Niedermayer authored
    This reduces the attack surface of local file-system
    information leaking.
    
    It prevents the existing exploit leading to an information leak. As
    well as similar hypothetical attacks.
    
    Leaks of information from files and symlinks ending in common multimedia extensions
    are still possible. But files with sensitive information like private keys and passwords
    generally do not use common multimedia filename extensions.
    It does not stop leaks via remote addresses in the LAN.
    
    The existing exploit depends on a specific decoder as well.
    It does appear though that the exploit should be possible with any decoder.
    The problem is that as long as sensitive information gets into the decoder,
    the output of the decoder becomes sensitive as well.
    The only obvious solution is to prevent access to sensitive information. Or to
    disable hls or possibly some of its feature. More complex solutions like
    checking the path to limit access to only subdirectories of the hls path may
    work as an alternative. But such solutions are fragile and tricky to implement
    portably and would not stop every possible attack nor would they work with all
    valid hls files.
    
    Developers have expressed their dislike / objected to disabling hls by default as well
    as disabling hls with local files. There also where objections against restricting
    remote url file extensions. This here is a less robust but also lower
    inconvenience solution.
    It can be applied stand alone or together with other solutions.
    limiting the check to local files was suggested by nevcairiel
    
    This recommits the security fix without the author name joke which was
    originally requested by Nicolas.
    
    Found-by: Emil Lerner and Pavel Cheremushkin
    Reported-by: 's avatarThierry Foucu <tfoucu@google.com>
    Signed-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
    189ff421
hls.c 71.8 KB