[FFmpeg-devel] [PATCH] fixed printf injection bug in mmsh requests
Kirill Zorin
cyril.zorin at gmail.com
Wed Jun 15 15:06:27 CEST 2011
Looks like URL-encoded entities (e.g. %20) in mmsh:// input URLs get
interpreted as format specifiers by ff_url_join, since the request
path was provided to it as the format string.
Let me know if anything's missing.
---
ffmpeg/libavformat/mmsh.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/ffmpeg/libavformat/mmsh.c b/ffmpeg/libavformat/mmsh.c
index 5344967..689ec31 100644
--- a/ffmpeg/libavformat/mmsh.c
+++ b/ffmpeg/libavformat/mmsh.c
@@ -238,7 +238,7 @@ static int mmsh_open(URLContext *h, const char
*uri, int flags)
host, sizeof(host), &port, path, sizeof(path), location);
if (port<0)
port = 80; // default mmsh protocol port
- ff_url_join(httpname, sizeof(httpname), "http", NULL, host, port, path);
+ ff_url_join(httpname, sizeof(httpname), "http", NULL, host, port,
"%s", path);
if (url_alloc(&mms->mms_hd, httpname, URL_RDONLY) < 0) {
return AVERROR(EIO);
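Review bot: The `@@` hunk header and the added `ff_url_join(...)` line are each wrapped across two lines, so the patch as sent is corrupt and will not apply; please resend it unwrapped (for example with git send-email or as an attachment). The file paths also carry an extra `ffmpeg/` prefix, which suggests the diff was generated from a parent directory rather than the repository root. The change itself, a constant `"%s"` format with `path` passed as its argument, is the right shape for this call. It would help if the commit message said that `path` is split out of the caller-supplied `uri`, since that is what makes the old call a format-string bug rather than a cosmetic one.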
--
1.7.3.4
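The behaviour the message describes, as an added example that is not part of the original post and not FFmpeg code: it shows what changes when a URL path is passed as the format rather than as data. `demo_url_join`, the host `example.invalid` and the sample paths are constructed for illustration, and the old call shape is only executed for paths where its behaviour is still defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a URL-join helper whose trailing parameters are a
 * printf-style format plus arguments. Not FFmpeg's ff_url_join. */
static int demo_url_join(char *dst, size_t size, const char *host, int port,
                         const char *fmt, ...)
{
    va_list ap;
    int n = snprintf(dst, size, "http://%s:%d", host, port);
    if (n < 0 || (size_t)n >= size)
        return -1;
    va_start(ap, fmt);
    int m = vsnprintf(dst + n, size - (size_t)n, fmt, ap);
    va_end(ap);
    return (m < 0 || (size_t)m >= size - (size_t)n) ? -1 : 0;
}

/* Count the '%' in s that would start a conversion, and so read a variadic
 * argument that was never passed, if s were used as the format string. */
static int count_conversions(const char *s)
{
    int count = 0;
    for (s = strchr(s, '%'); s; s = strchr(s + 1, '%')) {
        if (s[1] == '%')
            s++;            /* "%%" is a literal percent, no argument read */
        else
            count++;
    }
    return count;
}

/* Pre-patch call shape: the path is the format. Refused (-2) whenever the
 * path contains a conversion, because running it would be undefined. */
static int join_path_as_format(char *dst, size_t size, const char *path)
{
    if (count_conversions(path) != 0)
        return -2;
    return demo_url_join(dst, size, "example.invalid", 80, path);
}

/* Post-patch call shape: constant format, path passed as data. */
static int join_path_as_data(char *dst, size_t size, const char *path)
{
    return demo_url_join(dst, size, "example.invalid", 80, "%s", path);
}
```

Even a path with no argument-consuming conversion is altered by the old call shape (`%%` collapses to `%`), while the `"%s"` form copies every path byte for byte.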