author | Michael Niedermayer <michaelni@gmx.at> | 2010-02-20 22:48:09 +0000 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2010-02-20 22:48:09 +0000 |
commit | 6a2459059e469fdb835ff4abcbc3bae9781116b3 (patch) | |
tree | 3084b8abdbf018b27c39ceda7c7fed3a3d45f7a4 /libavformat/mov.c | |
parent | e4a35244fac4171a3d3c60a5bac465b98fe0444b (diff) | |
Do not attempt to open references through absolute paths.
This would allow an attacker to test remotely if a local file exists.
Originally committed as revision 21925 to svn://svn.ffmpeg.org/ffmpeg/trunk
Diffstat (limited to 'libavformat/mov.c')
-rw-r--r-- | libavformat/mov.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c
index c5e3ec0196..8cc1287853 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1556,11 +1556,8 @@ static void mov_build_index(MOVContext *mov, AVStream *st)
 static int mov_open_dref(ByteIOContext **pb, char *src, MOVDref *ref)
 {
- /* try absolute path */
- if (!url_fopen(pb, ref->path, URL_RDONLY))
- return 0;
-
- /* try relative path */
+ /* try relative path, we do not try the absolute because it can leak information about our
+ system to an attacker */
 if (ref->nlvl_to > 0 && ref->nlvl_from > 0) {
 char filename[1024];
 char *src_path; |
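Review bot: The relative branch kept at `if (ref->nlvl_to > 0 && ref->nlvl_from > 0)` still opens a name derived from the file's own reference data, so dropping the absolute `url_fopen` may narrow the file-existence oracle without closing it. The code that fills `filename[1024]` lies outside the hunk, so it cannot be checked here whether the built path stays inside the directory of `src` or can climb out of it, presumably by as many levels as `nlvl_from` allows; that should be confirmed and, if it can climb, bounded. The new comment would also help the next maintainer more if it named the trust boundary, e.g. `/* ref->path comes from the untrusted file: opening it as an absolute path would let a remote file probe which local files exist, so only the relative form is tried */`.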