[FFmpeg-devel] [PATCH 3/3] avformat: set the default whitelist to disable hls

Tobias Rapp t.rapp at noa-archive.com
Thu Jun 1 15:48:42 EEST 2017

On 01.06.2017 13:44, Michael Niedermayer wrote:
> This prevents an exploit leading to an information leak
> The existing exploit depends on a specific decoder as well.
> It does appear though that the exploit should be possible with any decoder.
> The problem is that as long as sensitive information gets into the decoder,
> the output of the decoder becomes sensitive as well.
> The only obvious solution is to prevent access to sensitive information. Or to
> disable hls or possibly some of its feature. More complex solutions like
> checking the path to limit access to only subdirectories of the hls path may
> work as an alternative. But such solutions are fragile and tricky to implement
> portably and would not stop every possible attack nor would they work with all
> valid hls files.
> Found-by: Emil Lerner and Pavel Cheremushkin
> Reported-by: Thierry Foucu <tfoucu at google.com>
> Fix inspired by: Tobias Rapp <t.rapp at noa-archive.com>
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavformat/options_table.h | 2 +-
>  libavformat/utils.c         | 6 +++++-
>  tests/fate/avformat.mak     | 4 ++--
>  tests/fate/filter-audio.mak | 4 ++--
>  4 files changed, 10 insertions(+), 6 deletions(-)

I would prefer this patch over the one in 


More information about the ffmpeg-devel mailing list