PR #22292 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22292 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22292.patch
avformat/rtsp: Use ff_format_check_set_url() ... Fixes: redirect to blacklisted protocol Fixes: YWH-PGM40646-41 Found-by: BapToutatis Signed-off-by: Michael Niedermayer <[email protected]>
From fc083ce5e2edcb5cbf6d6bdae8456020dc6403dc Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <[email protected]>
Date: Thu, 26 Feb 2026 03:05:36 +0100
Subject: [PATCH 1/2] avformat: Add ff_format_check_set_url()
Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavformat/avformat.c | 31 +++++++++++++++++++++++++++++++
 libavformat/internal.h | 10 ++++++++++
 2 files changed, 41 insertions(+)
diff --git a/libavformat/avformat.c b/libavformat/avformat.c
index 806f8dcab2..3b78da6078 100644
--- a/libavformat/avformat.c
+++ b/libavformat/avformat.c
@@ -868,6 +868,37 @@ void ff_format_set_url(AVFormatContext *s, char *url)
 s->url = url;
 }
 
+int ff_format_check_set_url(AVFormatContext *s, char *url)
+{
+ av_assert0(url);
+ char proto[64];
+ char auth[256];
+ char host[256];
+ char path[256];
+ int port=-1;
+
+ av_url_split(proto, sizeof(proto), auth, sizeof(auth), host, sizeof(host), &port, path, sizeof(path), url);
+
+ if (s->protocol_whitelist && av_match_list(proto, s->protocol_whitelist, ',') <= 0) {
+ av_log(s, AV_LOG_ERROR, "Protocol '%s' not on whitelist '%s'!\n", proto, s->protocol_whitelist);
+ return AVERROR(EINVAL);
+ }
+
+ if (s->protocol_blacklist && av_match_list(proto, s->protocol_blacklist, ',') > 0) {
+ av_log(s, AV_LOG_ERROR, "Protocol '%s' on blacklist '%s'!\n", proto, s->protocol_blacklist);
+ return AVERROR(EINVAL);
+ }
+
+ url = av_strdup(url);
+ if (!url)
+ return AVERROR(ENOMEM);
+
+ av_freep(&s->url);
+ s->url = url;
+ return 0;
+}
+
+
 int ff_format_io_close(AVFormatContext *s, AVIOContext **pb)
 {
 int ret = 0;
diff --git a/libavformat/internal.h b/libavformat/internal.h
index 64452cce6e..06ddb569de 100644
--- a/libavformat/internal.h
+++ b/libavformat/internal.h
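Review bot: In ff_format_check_set_url() (the libavformat/avformat.c hunk) a URL without a scheme leaves `proto` empty, and an empty `proto` passes whenever only protocol_blacklist is set, because that branch rejects only on a positive av_match_list() result. The comparison is also made on the raw string av_url_split() extracts into a 64-byte buffer, which may not be the name the URL is eventually resolved under (that resolution is not visible here), so I would fail closed on an empty scheme, e.g. `if (!proto[0]) return AVERROR(EINVAL);` ahead of the list checks, provided no caller needs scheme-less URLs. As a style point, `av_assert0(url);` sits before the declarations and the function is followed by two blank lines where the surrounding context uses one.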
@@ -630,6 +630,16 @@ int ff_bprint_to_codecpar_extradata(AVCodecParameters *par, struct AVBPrint *buf
 */
 void ff_format_set_url(AVFormatContext *s, char *url);
 
+/**
+ * Set AVFormatContext url field to a av_strdup of the provided pointer. The pointer must
+ * point to a valid string. The existing url field is freed if necessary.
+ *
+ * Checks protocol_whitelist/blacklist
+ *
+ * @returns a AVERROR code or non negative on success
+ */
+int ff_format_check_set_url(AVFormatContext *s, char *url);
+
 /**
 * Return a positive value if the given url has one of the given
 * extensions, negative AVERROR on error, 0 otherwise.
-- 2.52.0
From f62a4939418537ee92f0aa2b472a4666a5f379f2 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <[email protected]>
Date: Thu, 26 Feb 2026 03:08:36 +0100
Subject: [PATCH 2/2] avformat/rtsp: Use ff_format_check_set_url()
Fixes: redirect to blacklisted protocol
Fixes: YWH-PGM40646-41
Found-by: BapToutatis
Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavformat/rtsp.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index 822780087d..aaad565c2b 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -2170,12 +2170,11 @@ redirect:
 ff_rtsp_close_streams(s);
 ff_rtsp_close_connections(s);
 if (reply->status_code >=300 && reply->status_code < 400 && s->iformat) {
- char *new_url = av_strdup(reply->location);
- if (!new_url) {
- err = AVERROR(ENOMEM);
+ int ret = ff_format_check_set_url(s, reply->location);
+ if (ret < 0) {
+ err = ret;
 goto fail2;
 }
- ff_format_set_url(s, new_url);
 rt->session_id[0] = '\0';
 av_log(s, AV_LOG_INFO, "Status %d: Redirecting to %s\n",
 reply->status_code,
-- 2.52.0
_______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
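Review bot: The doc comment added for ff_format_check_set_url() in libavformat/internal.h does not state who owns `url` afterwards, which matters because ff_format_set_url() declared just above stores the caller's pointer while this helper stores a copy. I would add `The caller keeps ownership of url; on failure s->url is left unchanged.` to the comment, and say that each list check is skipped when the corresponding list is unset. Since the string is only read and duplicated, the parameter could be `const char *url`, with the copy held in a local in the definition.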
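Review bot: In the libavformat/rtsp.c redirect branch the server-supplied `reply->location` is filtered only when the user has set protocol_whitelist or protocol_blacklist, since ff_format_check_set_url() skips each check when its list is NULL; with neither set, any Location is accepted as before this change. If the aim is to constrain server-driven redirects generally, consider also requiring the scheme to be one this demuxer handles, or at least document the limit with a comment such as `/* redirect target is checked against protocol_whitelist/blacklist only when they are set */`. A refused redirect currently reports only the protocol, so a line like `av_log(s, AV_LOG_ERROR, "Refusing redirect (status %d)\n", reply->status_code);` before `goto fail2` would help when triaging logs. The enclosing function starts and ends outside this hunk.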
