From: michaelni via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
To: ffmpeg-devel@ffmpeg.org
Cc: michaelni <code@ffmpeg.org>
Subject: [FFmpeg-devel] [PR] avformat: Add ff_format_check_set_url() and use in rtsp (PR #22292)
Date: Thu, 26 Feb 2026 13:25:41 -0000
Message-ID: <177211234179.25.11936927305820244505@29965ddac10e> (raw)
PR #22292 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22292
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22292.patch
avformat/rtsp: Use ff_format_check_set_url() ...
Fixes: redirect to blacklisted protocol
Fixes: YWH-PGM40646-41
Found-by: BapToutatis
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
From fc083ce5e2edcb5cbf6d6bdae8456020dc6403dc Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Thu, 26 Feb 2026 03:05:36 +0100
Subject: [PATCH 1/2] avformat: Add ff_format_check_set_url()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/avformat.c | 31 +++++++++++++++++++++++++++++++
libavformat/internal.h | 10 ++++++++++
2 files changed, 41 insertions(+)
diff --git a/libavformat/avformat.c b/libavformat/avformat.c
index 806f8dcab2..3b78da6078 100644
--- a/libavformat/avformat.c
+++ b/libavformat/avformat.c
@@ -868,6 +868,37 @@ void ff_format_set_url(AVFormatContext *s, char *url)
s->url = url;
}
+int ff_format_check_set_url(AVFormatContext *s, char *url)
+{
+ av_assert0(url);
+ char proto[64];
+ char auth[256];
+ char host[256];
+ char path[256];
+ int port=-1;
+
+ av_url_split(proto, sizeof(proto), auth, sizeof(auth), host, sizeof(host), &port, path, sizeof(path), url);
+
+ if (s->protocol_whitelist && av_match_list(proto, s->protocol_whitelist, ',') <= 0) {
+ av_log(s, AV_LOG_ERROR, "Protocol '%s' not on whitelist '%s'!\n", proto, s->protocol_whitelist);
+ return AVERROR(EINVAL);
+ }
+
+ if (s->protocol_blacklist && av_match_list(proto, s->protocol_blacklist, ',') > 0) {
+ av_log(s, AV_LOG_ERROR, "Protocol '%s' on blacklist '%s'!\n", proto, s->protocol_blacklist);
+ return AVERROR(EINVAL);
+ }
+
+ url = av_strdup(url);
+ if (!url)
+ return AVERROR(ENOMEM);
+
+ av_freep(&s->url);
+ s->url = url;
+ return 0;
+}
+
+
int ff_format_io_close(AVFormatContext *s, AVIOContext **pb)
{
int ret = 0;
diff --git a/libavformat/internal.h b/libavformat/internal.h
index 64452cce6e..06ddb569de 100644
--- a/libavformat/internal.h
+++ b/libavformat/internal.h
@@ -630,6 +630,16 @@ int ff_bprint_to_codecpar_extradata(AVCodecParameters *par, struct AVBPrint *buf
*/
void ff_format_set_url(AVFormatContext *s, char *url);
+/**
+ * Set AVFormatContext url field to a av_strdup of the provided pointer. The pointer must
+ * point to a valid string. The existing url field is freed if necessary.
+ *
+ * Checks protocol_whitelist/blacklist
+ *
+ * @returns a AVERROR code or non negative on success
+ */
+int ff_format_check_set_url(AVFormatContext *s, char *url);
+
/**
* Return a positive value if the given url has one of the given
* extensions, negative AVERROR on error, 0 otherwise.
--
2.52.0
From f62a4939418537ee92f0aa2b472a4666a5f379f2 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Thu, 26 Feb 2026 03:08:36 +0100
Subject: [PATCH 2/2] avformat/rtsp: Use ff_format_check_set_url()
Fixes: redirect to blacklisted protocol
Fixes: YWH-PGM40646-41
Found-by: BapToutatis
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/rtsp.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index 822780087d..aaad565c2b 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -2170,12 +2170,11 @@ redirect:
ff_rtsp_close_streams(s);
ff_rtsp_close_connections(s);
if (reply->status_code >=300 && reply->status_code < 400 && s->iformat) {
- char *new_url = av_strdup(reply->location);
- if (!new_url) {
- err = AVERROR(ENOMEM);
+ int ret = ff_format_check_set_url(s, reply->location);
+ if (ret < 0) {
+ err = ret;
goto fail2;
}
- ff_format_set_url(s, new_url);
rt->session_id[0] = '\0';
av_log(s, AV_LOG_INFO, "Status %d: Redirecting to %s\n",
reply->status_code,
--
2.52.0
_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
reply other threads:[~2026-02-26 13:26 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=177211234179.25.11936927305820244505@29965ddac10e \
--to=ffmpeg-devel@ffmpeg.org \
--cc=code@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git