changeset 5683:7dab04a73364 libavformat

Do not attempt to open references through absolute paths. This would allow an attacker to test remotely whether a local file exists.
author michael
date Sat, 20 Feb 2010 22:48:09 +0000
parents e346e10c9537
children 9a3b8d7062d2
files mov.c
diffstat 1 files changed, 2 insertions(+), 5 deletions(-) [+]
--- a/mov.c	Sat Feb 20 11:22:47 2010 +0000
+++ b/mov.c	Sat Feb 20 22:48:09 2010 +0000
@@ -1556,11 +1556,8 @@
 
 static int mov_open_dref(ByteIOContext **pb, char *src, MOVDref *ref)
 {
-    /* try absolute path */
-    if (!url_fopen(pb, ref->path, URL_RDONLY))
-        return 0;
-
-    /* try relative path */
+    /* try relative path, we do not try the absolute because it can leak information about our
+       system to an attacker */
     if (ref->nlvl_to > 0 && ref->nlvl_from > 0) {
         char filename[1024];
         char *src_path;
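Review bot: The relative branch kept at `if (ref->nlvl_to > 0 && ref->nlvl_from > 0)` is still driven by values that presumably come from the file's data reference, so dropping the absolute open may not fully close the file-existence probe the description mentions. If the code past the hunk adds parent-directory steps according to `ref->nlvl_from`, a crafted file could still make the demuxer try names outside the source file's directory. The rest of `mov_open_dref` lies outside the hunk, so this has to be checked there; a bound on the level count, or rejecting composed names that leave the directory of `src`, would cover it. The new comment could also name the input it distrusts, e.g. `/* ref->path is read from the file: only try it relative to src, never as an absolute path */`.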