Mercurial > mplayer.hg

changeset 36146:5950fc0d4b53

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Allow parsing arbitrary files as playlist only if explicitly enabled.
author reimar
date Sun, 05 May 2013 17:02:33 +0000
parents 47edff322a99
children a657a5332e3a
files DOCS/man/en/mplayer.1 cfg-mplayer.h mplayer.c
diffstat 3 files changed, 17 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/DOCS/man/en/mplayer.1	Sun May 05 17:02:31 2013 +0000
+++ b/DOCS/man/en/mplayer.1	Sun May 05 17:02:33 2013 +0000
@@ -1290,6 +1290,13 @@
 FIXME: This needs to be clarified and documented thoroughly.
 .
 .TP
+.B \-allow-dangerous-playlist-parsing
+This enables parsing any file as a playlist if e.g. a server advertises
+a file as playlist.
+Only enable if you know all servers involved are trustworthy.
+MPlayer's playlist code is not designed to handle malicious playlist files.
+.
+.TP
 .B \-rtc\-device <device>
 Use the specified device for RTC timing.
 .
--- a/cfg-mplayer.h	Sun May 05 17:02:31 2013 +0000
+++ b/cfg-mplayer.h	Sun May 05 17:02:33 2013 +0000
@@ -307,6 +307,8 @@
 
     {"noloop", &mpctx_s.loop_times, CONF_TYPE_FLAG, 0, 0, -1, NULL},
     {"loop", &mpctx_s.loop_times, CONF_TYPE_INT, CONF_RANGE, -1, 10000, NULL},
+    {"allow-dangerous-playlist-parsing", &allow_playlist_parsing, CONF_TYPE_FLAG, 0, 0, 1, NULL},
+    {"noallow-dangerous-playlist-parsing", &allow_playlist_parsing, CONF_TYPE_FLAG, 0, 1, 0, NULL},
     {"playlist", NULL, CONF_TYPE_STRING, CONF_NOCFG, 0, 0, NULL},
     {"shuffle", NULL, CONF_TYPE_FLAG, CONF_NOCFG, 0, 0, NULL},
     {"noshuffle", NULL, CONF_TYPE_FLAG, CONF_NOCFG, 0, 0, NULL},
--- a/mplayer.c	Sun May 05 17:02:31 2013 +0000
+++ b/mplayer.c	Sun May 05 17:02:33 2013 +0000
@@ -330,6 +330,8 @@
 static int crash_debug;
 #endif
 
+static int allow_playlist_parsing;
+
 /* This header requires all the global variable declarations. */
 #include "cfg-mplayer.h"
 
@@ -3245,8 +3247,12 @@
         current_module = "handle_playlist";
         mp_msg(MSGT_CPLAYER, MSGL_V, "Parsing playlist %s...\n",
                filename_recode(filename));
-        entry      = parse_playtree(mpctx->stream, use_gui);
-        mpctx->eof = playtree_add_playlist(entry);
+        if (allow_playlist_parsing) {
+            entry      = parse_playtree(mpctx->stream, use_gui);
+            mpctx->eof = playtree_add_playlist(entry);
+        } else {
+            mp_msg(MSGT_CPLAYER, MSGL_ERR, "Playlist parsing disabled for security reasons. Ignoring file.\n");
+        }
         goto goto_next_file;
     }
     mpctx->stream->start_pos += seek_to_byte;