# HG changeset patch
# User michael
# Date 1266706089 0
# Node ID 7dab04a733642ac269884b3bb70ed3df30972f85
# Parent e346e10c9537218c6e9af615f9433d23a760aeef
Do not attempt to open references through absolute pathes. This would allow an attacker to test remotely if a local file exists.
diff -r e346e10c9537 -r 7dab04a73364 mov.c
--- a/mov.c Sat Feb 20 11:22:47 2010 +0000
+++ b/mov.c Sat Feb 20 22:48:09 2010 +0000
@@ -1556,11 +1556,8 @@

 static int mov_open_dref(ByteIOContext **pb, char *src, MOVDref *ref)
 {
- /* try absolute path */
- if (!url_fopen(pb, ref->path, URL_RDONLY))
- return 0;
-
- /* try relative path */
+ /* try relative path, we do not try the absolute because it can leak information about our
+ system to an attacker */
 if (ref->nlvl_to > 0 && ref->nlvl_from > 0) {
 char filename[1024];
 char *src_path;
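Review bot: The relative branch that stays is still gated only by `ref->nlvl_to > 0 && ref->nlvl_from > 0`, and those fields presumably come from the same untrusted file as `ref->path`. Dropping the absolute open may therefore not close the file-existence oracle on its own if the code below can resolve to a location above the source file's directory. The body of mov_open_dref continues past the end of this hunk, so I cannot see whether the name written into `char filename[1024]` is length-checked or whether parent-directory components are rejected; both are worth confirming before relying on this change. The new comment would also be clearer if it stated the rule rather than the history, e.g. `/* Only relative references are followed: ref->path is file-controlled, and opening it as an absolute path would reveal whether a local file exists. */`.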