• Sysiphus's avatar
    avformat/hls: Check local file extensions · caf7d617
    Sysiphus authored
    This reduces the attack surface of local file-system
    information leaking.
    
    It prevents the existing exploit leading to an information leak. As
    well as similar hypothetical attacks.
    
    Leaks of information from files and symlinks ending in common multimedia extensions
    are still possible. But files with sensitive information like private keys and passwords
    generally do not use common multimedia filename extensions.
    It does not stop leaks via remote addresses in the LAN.
    
    The existing exploit depends on a specific decoder as well.
    It does appear though that the exploit should be possible with any decoder.
    The problem is that as long as sensitive information gets into the decoder,
    the output of the decoder becomes sensitive as well.
    The only obvious solution is to prevent access to sensitive information. Or to
    disable hls or possibly some of its feature. More complex solutions like
    checking the path to limit access to only subdirectories of the hls path may
    work as an alternative. But such solutions are fragile and tricky to implement
    portably and would not stop every possible attack nor would they work with all
    valid hls files.
    
    Developers have expressed their dislike / objected to disabling hls by default as well
    as disabling hls with local files. There also where objections against restricting
    remote url file extensions. This here is a less robust but also lower
    inconvenience solution.
    It can be applied stand alone or together with other solutions.
    limiting the check to local files was suggested by nevcairiel
    
    Found-by: Emil Lerner and Pavel Cheremushkin
    Reported-by: 's avatarThierry Foucu <tfoucu@google.com>
    Signed-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
    caf7d617
Name
Last commit
Last update
compat Loading commit data...
doc Loading commit data...
ffbuild Loading commit data...
libavcodec Loading commit data...
libavdevice Loading commit data...
libavfilter Loading commit data...
libavformat Loading commit data...
libavresample Loading commit data...
libavutil Loading commit data...
libpostproc Loading commit data...
libswresample Loading commit data...
libswscale Loading commit data...
presets Loading commit data...
tests Loading commit data...
tools Loading commit data...
.gitattributes Loading commit data...
.gitignore Loading commit data...
.travis.yml Loading commit data...
CONTRIBUTING.md Loading commit data...
COPYING.GPLv2 Loading commit data...
COPYING.GPLv3 Loading commit data...
COPYING.LGPLv2.1 Loading commit data...
COPYING.LGPLv3 Loading commit data...
CREDITS Loading commit data...
Changelog Loading commit data...
INSTALL.md Loading commit data...
LICENSE.md Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
README.md Loading commit data...
RELEASE Loading commit data...
cmdutils.c Loading commit data...
cmdutils.h Loading commit data...
cmdutils_opencl.c Loading commit data...
configure Loading commit data...
ffmpeg.c Loading commit data...
ffmpeg.h Loading commit data...
ffmpeg_cuvid.c Loading commit data...
ffmpeg_dxva2.c Loading commit data...
ffmpeg_filter.c Loading commit data...
ffmpeg_opt.c Loading commit data...
ffmpeg_qsv.c Loading commit data...
ffmpeg_vaapi.c Loading commit data...
ffmpeg_vdpau.c Loading commit data...
ffmpeg_videotoolbox.c Loading commit data...
ffplay.c Loading commit data...
ffprobe.c Loading commit data...
ffserver.c Loading commit data...
ffserver_config.c Loading commit data...
ffserver_config.h Loading commit data...