diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2014-09-30 23:25:39 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2014-10-19 04:37:30 +0200 |
| commit | 057ea2a9823a6e9f95a2f8eba05e401b8636b561 (patch) | |
| tree | 80657296d1920754da26e00a76c179386c8609ef /libavformat/utils.c | |
| parent | 5c8eb16769e581f828ce420373c558c190185cc1 (diff) | |
avformat: Add format_whitelist
This allows restricting demuxers to a list of needed ones for improved security
Note, some demuxers themselfs open other demuxers, these are only restricted if
AVOptions are forwarded to them. Please check that your code does that.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavformat/utils.c')
| -rw-r--r-- | libavformat/utils.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/libavformat/utils.c b/libavformat/utils.c index 7919cc47d6..995bcfc15c 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -291,6 +291,11 @@ static int set_codec_from_probe_data(AVFormatContext *s, AVStream *st, int av_demuxer_open(AVFormatContext *ic) { int err; + if (ic->format_whitelist && av_match_list(ic->iformat->name, ic->format_whitelist, ',') <= 0) { + av_log(ic, AV_LOG_ERROR, "Format not on whitelist\n"); + return AVERROR(EINVAL); + } + if (ic->iformat->read_header) { err = ic->iformat->read_header(ic); if (err < 0) @@ -402,6 +407,13 @@ int avformat_open_input(AVFormatContext **ps, const char *filename, if ((ret = init_input(s, filename, &tmp)) < 0) goto fail; s->probe_score = ret; + + if (s->format_whitelist && av_match_list(s->iformat->name, s->format_whitelist, ',') <= 0) { + av_log(s, AV_LOG_ERROR, "Format not on whitelist\n"); + ret = AVERROR(EINVAL); + goto fail; + } + avio_skip(s->pb, s->skip_initial_bytes); /* Check filename in case an image number is expected. */ @@ -2576,6 +2588,8 @@ static int try_decode_frame(AVFormatContext *s, AVStream *st, AVPacket *avpkt, /* Force thread count to 1 since the H.264 decoder will not extract * SPS and PPS to extradata during multi-threaded decoding. */ av_dict_set(options ? options : &thread_opt, "threads", "1", 0); + if (s->codec_whitelist) + av_dict_set(options ? options : &thread_opt, "codec_whitelist", s->codec_whitelist, 0); ret = avcodec_open2(st->codec, codec, options ? options : &thread_opt); if (!options) av_dict_free(&thread_opt); @@ -3009,6 +3023,9 @@ int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options) * SPS and PPS to extradata during multi-threaded decoding. */ av_dict_set(options ? &options[i] : &thread_opt, "threads", "1", 0); + if (ic->codec_whitelist) + av_dict_set(options ? &options[i] : &thread_opt, "codec_whitelist", ic->codec_whitelist, 0); + /* Ensure that subtitle_header is properly set. */ if (st->codec->codec_type == AVMEDIA_TYPE_SUBTITLE && codec && !st->codec->codec) { |