lavf: add a protocol whitelist/blacklist for file opened internally

Should make the default behaviour safer for careless callers that open
random untrusted files.

Bug-Id: CVE-2016-1897
Bug-Id: CVE-2016-1898

1 files changed, 21 insertions, 1 deletions

diff --git a/libavformat/options.c b/libavformat/options.c
index c7fa51f41f..f0d2c47e1e 100644
--- a/libavformat/options.c
+++ b/libavformat/options.c
@@ -20,6 +20,7 @@
 #include "avformat.h"
 #include "avio_internal.h"
 #include "internal.h"
+#include "url.h"
 
 #include "libavutil/internal.h"
 #include "libavutil/opt.h"
@@ -93,7 +94,26 @@ static const AVClass av_format_context_class = {
 static int io_open_default(AVFormatContext *s, AVIOContext **pb,
                            const char *url, int flags, AVDictionary **options)
 {
-    return avio_open2(pb, url, flags, &s->interrupt_callback, options);
+    AVDictionary *opts_local = NULL;
+    int ret;
+
+    if (!options)
+        options = &opts_local;
+
+    if (s->protocol_whitelist) {
+        ret = av_dict_set(options, "protocol_whitelist", s->protocol_whitelist, 0);
+        if (ret < 0)
+            goto finish;
+    }
+    if (s->protocol_blacklist) {
+        ret = av_dict_set(options, "protocol_blacklist", s->protocol_blacklist, 0);
+        if (ret < 0)
+            goto finish;
+    }
+    ret = avio_open2(pb, url, flags, &s->interrupt_callback, options);
+finish:
+    av_dict_free(&opts_local);
+    return ret;
 }
 
 static void io_close_default(AVFormatContext *s, AVIOContext *pb)