Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc
Commits
05c8198d
Commit
05c8198d
authored
Nov 20, 2007
by
Rémi Denis-Courmont
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Remove VLCOPT support from M3U parser.
This was blatantly insecure.
parent
b83bd217
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
8 additions
and
0 deletions
+8
-0
modules/demux/playlist/m3u.c
modules/demux/playlist/m3u.c
+8
-0
No files found.
modules/demux/playlist/m3u.c
View file @
05c8198d
...
@@ -145,6 +145,13 @@ static int Demux( demux_t *p_demux )
...
@@ -145,6 +145,13 @@ static int Demux( demux_t *p_demux )
if
(
psz_artist
)
if
(
psz_artist
)
psz_artist
=
strdup
(
psz_artist
);
psz_artist
=
strdup
(
psz_artist
);
}
}
#if 0
/* You're going to need a pretty strong explanation, why
* this is not a big security hole if you are to uncomment
* this piece of code. Potentially untrusted input file must
* not be allowed to specify options in an open-handed fashion.
* -- Courmisch
*/
else if( !strncasecmp( psz_parse, "EXTVLCOPT:",
else if( !strncasecmp( psz_parse, "EXTVLCOPT:",
sizeof("EXTVLCOPT:") -1 ) )
sizeof("EXTVLCOPT:") -1 ) )
{
{
...
@@ -158,6 +165,7 @@ static int Demux( demux_t *p_demux )
...
@@ -158,6 +165,7 @@ static int Demux( demux_t *p_demux )
INSERT_ELEM( ppsz_options, i_options, i_options,
INSERT_ELEM( ppsz_options, i_options, i_options,
psz_option );
psz_option );
}
}
#endif
}
}
else
if
(
!
strncasecmp
(
psz_parse
,
"RTSPtext"
,
sizeof
(
"RTSPtext"
)
-
1
)
)
else
if
(
!
strncasecmp
(
psz_parse
,
"RTSPtext"
,
sizeof
(
"RTSPtext"
)
-
1
)
)
{
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment