From ec4c48397641dbaf4ae8df36c32aaa5a311a11bf Mon Sep 17 00:00:00 2001
From: Anton Khirnov <anton@khirnov.net>
Date: Wed, 20 Jan 2016 11:11:38 +0100
Subject: lavf: add a protocol whitelist/blacklist for file opened internally

Should make the default behaviour safer for careless callers that open
random untrusted files.

Bug-Id: CVE-2016-1897
Bug-Id: CVE-2016-1898
---
 libavformat/sapdec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'libavformat/sapdec.c')

diff --git a/libavformat/sapdec.c b/libavformat/sapdec.c
index 9fafd6bffe..fc85f65735 100644
--- a/libavformat/sapdec.c
+++ b/libavformat/sapdec.c
@@ -85,7 +85,8 @@ static int sap_read_header(AVFormatContext *s)
         av_strlcpy(host, "224.2.127.254", sizeof(host));
     }
 
-    sap->protocols = ffurl_get_protocols(NULL, NULL);
+    sap->protocols = ffurl_get_protocols(s->protocol_whitelist,
+                                         s->protocol_blacklist);
     if (!sap->protocols) {
         ret = AVERROR(ENOMEM);
         goto fail;
-- 
cgit v1.2.3