avformat/hls: forbid all protocols except http(s) & file
authorMaxim Andreev <andreevmaxim@gmail.com>
Wed, 13 Jan 2016 08:51:12 +0000 (11:51 +0300)
committerMichael Niedermayer <michael@niedermayer.cc>
Fri, 15 Jan 2016 11:30:40 +0000 (12:30 +0100)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7145e80b4f78cff5ed5fee04d4c4d53daaa0e077)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavformat/hls.c

index d3cb14b..44b656d 100644 (file)
@@ -618,6 +618,10 @@ static int open_url(HLSContext *c, URLContext **uc, const char *url, AVDictionar
 {
     AVDictionary *tmp = NULL;
     int ret;
+    const char *proto_name = avio_find_protocol_name(url);
+    // only http(s) & file are allowed
+    if (!av_strstart(proto_name, "http", NULL) && !av_strstart(proto_name, "file", NULL))
+        return AVERROR_INVALIDDATA;
 
     av_dict_copy(&tmp, c->avio_opts, 0);
     av_dict_copy(&tmp, opts, 0);