Do not attempt to open references through absolute pathes.

This would allow an attacker to test remotely if a local file exists. git-svn-id: file:///var/local/repositories/ffmpeg/trunk@21925 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b

Do not attempt to open references through absolute pathes.
This would allow an attacker to test remotely if a local file exists. git-svn-id: file:///var/local/repositories/ffmpeg/trunk@21925 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
b4ed528b · michael · 72d06d61 · b4ed528b
Commit b4ed528b authored Feb 20, 2010 by michael
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 5 deletions

libavformat/mov.c libavformat/mov.c +2 -5

No files found.
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1556,11 +1556,8 @@ static void mov_build_index(MOVContext *mov, AVStream *st)
 static int mov_open_dref(ByteIOContext **pb, char *src, MOVDref *ref)
 {
-    /* try absolute path */
+    /* try relative path, we do not try the absolute because it can leak information about our
-    if (!url_fopen(pb, ref->path, URL_RDONLY))
+       system to an attacker */
-        return 0;
-    /* try relative path */
    if (ref->nlvl_to > 0 && ref->nlvl_from > 0) {
        char filename[1024];
        char *src_path;