Commit b4ed528b authored by michael's avatar michael

Do not attempt to open references through absolute pathes.

This would allow an attacker to test remotely if a local file exists.


git-svn-id: file:///var/local/repositories/ffmpeg/trunk@21925 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
parent 72d06d61
......@@ -1556,11 +1556,8 @@ static void mov_build_index(MOVContext *mov, AVStream *st)
static int mov_open_dref(ByteIOContext **pb, char *src, MOVDref *ref)
{
/* try absolute path */
if (!url_fopen(pb, ref->path, URL_RDONLY))
return 0;
/* try relative path */
/* try relative path, we do not try the absolute because it can leak information about our
system to an attacker */
if (ref->nlvl_to > 0 && ref->nlvl_from > 0) {
char filename[1024];
char *src_path;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment