lavf: add a protocol whitelist/blacklist for file opened internally

Should make the default behaviour safer for careless callers that open
random untrusted files.

Bug-Id: CVE-2016-1897
Bug-Id: CVE-2016-1898

1 files changed, 6 insertions, 3 deletions

diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index 1a545c78d6..f1e0780b47 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -1668,7 +1668,8 @@ int ff_rtsp_connect(AVFormatContext *s)
         return AVERROR(EIO);
 
     if (!rt->protocols) {
-        rt->protocols = ffurl_get_protocols(NULL, NULL);
+        rt->protocols = ffurl_get_protocols(s->protocol_whitelist,
+                                            s->protocol_blacklist);
         if (!rt->protocols)
             return AVERROR(ENOMEM);
     }
@@ -2252,7 +2253,8 @@ static int sdp_read_header(AVFormatContext *s)
         return AVERROR(EIO);
 
     if (!rt->protocols) {
-        rt->protocols = ffurl_get_protocols(NULL, NULL);
+        rt->protocols = ffurl_get_protocols(s->protocol_whitelist,
+                                            s->protocol_blacklist);
         if (!rt->protocols)
             return AVERROR(ENOMEM);
     }
@@ -2379,7 +2381,8 @@ static int rtp_read_header(AVFormatContext *s)
         return AVERROR(EIO);
 
     if (!rt->protocols) {
-        rt->protocols = ffurl_get_protocols(NULL, NULL);
+        rt->protocols = ffurl_get_protocols(s->protocol_whitelist,
+                                            s->protocol_blacklist);
         if (!rt->protocols)
             return AVERROR(ENOMEM);
     }