highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avformat/url: check url root node when rel include double dot and trim double dot

Browse Source 
fix ticket: 8625
and add testcase into url for double dot corner case

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
This commit is contained in:
Steven Liu 2020-04-29 12:50:57 +08:00
parent 666dbe7aac
commit 648051f07c
3 changed files with 83 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libavformat/tests/url.c
View File

@ -56,6 +56,7 @@ int main(void)
test("/foo/bar", "baz"); test("/foo/bar", "baz");
test("/foo/bar", "../baz"); test("/foo/bar", "../baz");
test("/foo/bar", "/baz"); test("/foo/bar", "/baz");
test("/foo/bar", "../../../baz");
test("http://server/foo/", "baz"); test("http://server/foo/", "baz");
test("http://server/foo/bar", "baz"); test("http://server/foo/bar", "baz");
test("http://server/foo/", "../baz"); test("http://server/foo/", "../baz");
@ -65,6 +66,10 @@ int main(void)
test("http://server/foo/bar?param=value/with/slashes", "/baz"); test("http://server/foo/bar?param=value/with/slashes", "/baz");
test("http://server/foo/bar?param&otherparam", "?someparam"); test("http://server/foo/bar?param&otherparam", "?someparam");
test("http://server/foo/bar", "//other/url"); test("http://server/foo/bar", "//other/url");
test("http://server/foo/bar", "../../../../../other/url");
test("http://server/foo/bar", "/../../../../../other/url");
test("http://server/foo/bar", "/test/../../../../../other/url");
test("http://server/foo/bar", "/test/../../test/../../../other/url");
printf("\nTesting av_url_split:\n"); printf("\nTesting av_url_split:\n");
test2("/foo/bar"); test2("/foo/bar");

77
libavformat/url.c
View File

@ -21,6 +21,7 @@
#include "avformat.h" #include "avformat.h"
#include "internal.h"
#include "config.h" #include "config.h"
#include "url.h" #include "url.h"
#if CONFIG_NETWORK #if CONFIG_NETWORK
@ -77,10 +78,53 @@ int ff_url_join(char *str, int size, const char *proto,
return strlen(str); return strlen(str);
} }
static void trim_double_dot_url(char *buf, const char *rel, int size)
{
const char *p = rel;
const char *root = rel;
char tmp_path[MAX_URL_SIZE] = {0, };
char *sep;
char *node;
/* Get the path root of the url which start by "://" */
if (p && (sep = strstr(p, "://"))) {
sep += 3;
root = strchr(sep, '/');
}
/* set new current position if the root node is changed */
p = root;
while (p && (node = strstr(p, ".."))) {
av_strlcat(tmp_path, p, node - p + strlen(tmp_path));
p = node + 3;
sep = strrchr(tmp_path, '/');
if (sep)
sep[0] = '\0';
else
tmp_path[0] = '\0';
}
if (!av_stristart(p, "/", NULL) && root != rel)
av_strlcat(tmp_path, "/", size);
av_strlcat(tmp_path, p, size);
/* start set buf after temp path process. */
av_strlcpy(buf, rel, root - rel + 1);
if (!av_stristart(tmp_path, "/", NULL) && root != rel)
av_strlcat(buf, "/", size);
av_strlcat(buf, tmp_path, size);
}
void ff_make_absolute_url(char *buf, int size, const char *base, void ff_make_absolute_url(char *buf, int size, const char *base,
const char *rel) const char *rel)
{ {
char *sep, *path_query; char *sep, *path_query;
char *root, *p;
char tmp_path[MAX_URL_SIZE];
memset(tmp_path, 0, sizeof(tmp_path));
/* Absolute path, relative to the current server */ /* Absolute path, relative to the current server */
if (base && strstr(base, "://") && rel[0] == '/') { if (base && strstr(base, "://") && rel[0] == '/') {
if (base != buf) if (base != buf)
@ -99,11 +143,14 @@ void ff_make_absolute_url(char *buf, int size, const char *base,
} }
} }
av_strlcat(buf, rel, size); av_strlcat(buf, rel, size);
trim_double_dot_url(tmp_path, buf, size);
memset(buf, 0, size);
av_strlcpy(buf, tmp_path, size);
return; return;
} }
/* If rel actually is an absolute url, just copy it */ /* If rel actually is an absolute url, just copy it */
if (!base || strstr(rel, "://") || rel[0] == '/') { if (!base || strstr(rel, "://") || rel[0] == '/') {
av_strlcpy(buf, rel, size); trim_double_dot_url(buf, rel, size);
return; return;
} }
if (base != buf) if (base != buf)
@ -117,19 +164,38 @@ void ff_make_absolute_url(char *buf, int size, const char *base,
/* Is relative path just a new query part? */ /* Is relative path just a new query part? */
if (rel[0] == '?') { if (rel[0] == '?') {
av_strlcat(buf, rel, size); av_strlcat(buf, rel, size);
trim_double_dot_url(tmp_path, buf, size);
memset(buf, 0, size);
av_strlcpy(buf, tmp_path, size);
return; return;
} }
root = p = buf;
/* Get the path root of the url which start by "://" */
if (p && strstr(p, "://")) {
sep = strstr(p, "://");
if (sep) {
sep += 3;
root = strchr(sep, '/');
}
}
/* Remove the file name from the base url */ /* Remove the file name from the base url */
sep = strrchr(buf, '/'); sep = strrchr(buf, '/');
if (sep <= root)
sep = root;
if (sep) if (sep)
sep[1] = '\0'; sep[1] = '\0';
else else
buf[0] = '\0'; buf[0] = '\0';
while (av_strstart(rel, "../", NULL) && sep) { while (av_strstart(rel, "..", NULL) && sep) {
/* Remove the path delimiter at the end */ /* Remove the path delimiter at the end */
sep[0] = '\0'; if (sep > root) {
sep = strrchr(buf, '/'); sep[0] = '\0';
sep = strrchr(buf, '/');
}
/* If the next directory name to pop off is "..", break here */ /* If the next directory name to pop off is "..", break here */
if (!strcmp(sep ? &sep[1] : buf, "..")) { if (!strcmp(sep ? &sep[1] : buf, "..")) {
/* Readd the slash we just removed */ /* Readd the slash we just removed */
@ -144,6 +210,9 @@ void ff_make_absolute_url(char *buf, int size, const char *base,
rel += 3; rel += 3;
} }
av_strlcat(buf, rel, size); av_strlcat(buf, rel, size);
trim_double_dot_url(tmp_path, buf, size);
memset(buf, 0, size);
av_strlcpy(buf, tmp_path, size);
} }
AVIODirEntry *ff_alloc_dir_entry(void) AVIODirEntry *ff_alloc_dir_entry(void)

5
tests/ref/fate/url
View File

@ -3,6 +3,7 @@ Testing ff_make_absolute_url:
/foo/bar baz => /foo/baz /foo/bar baz => /foo/baz
/foo/bar ../baz => /baz /foo/bar ../baz => /baz
/foo/bar /baz => /baz /foo/bar /baz => /baz
/foo/bar ../../../baz => /baz
http://server/foo/ baz => http://server/foo/baz http://server/foo/ baz => http://server/foo/baz
http://server/foo/bar baz => http://server/foo/baz http://server/foo/bar baz => http://server/foo/baz
http://server/foo/ ../baz => http://server/baz http://server/foo/ ../baz => http://server/baz
@ -12,6 +13,10 @@ Testing ff_make_absolute_url:
http://server/foo/bar?param=value/with/slashes /baz => http://server/baz http://server/foo/bar?param=value/with/slashes /baz => http://server/baz
http://server/foo/bar?param&otherparam ?someparam => http://server/foo/bar?someparam http://server/foo/bar?param&otherparam ?someparam => http://server/foo/bar?someparam
http://server/foo/bar //other/url => http://other/url http://server/foo/bar //other/url => http://other/url
http://server/foo/bar ../../../../../other/url => http://server/other/url
http://server/foo/bar /../../../../../other/url => http://server/other/url
http://server/foo/bar /test/../../../../../other/url => http://server/other/url
http://server/foo/bar /test/../../test/../../../other/url => http://server/other/url
Testing av_url_split: Testing av_url_split:
/foo/bar => -1 /foo/bar /foo/bar => -1 /foo/bar