From: Tobias Rapp
Organization: NOA GmbH
Date: Wed, 10 May 2023 08:44:31 +0200
To: ffmpeg-devel@ffmpeg.org
In-Reply-To: <20230509204402.GA1391451@pb2>
Subject: Re: [FFmpeg-devel] [PATCH 1/3] avformat/dashdec: fail on probing non mpd file extension

On 09/05/2023 22:44, Michael Niedermayer wrote:
> On Tue, May 09, 2023 at 08:19:36AM +0200, Anton Khirnov wrote:
>> Quoting Michael Niedermayer (2023-05-09 00:35:08)
>>> [...]
>>> would anyone be opposed to return 0 from dash_probe() when
>>> both the mime_type and the extension are wrong ?
>> I would.
>>
>> probe() is for probing, not implementing security policies. IMO trying
>> to fix security issues at the wrong layer will only lead to more
>> confusion, more complexity, and LESS security.
>
> YES I agree, probe is not for security policies
>
> It's for probing but IMHO
> If you have a
> taxreport.pdf that parses correctly as jar and installs jRAT if you execute it
> Then it would be valid for probe() to identify this as type exploit instead
> of type jar. And doing so would be more secure.
>
> This is really more along the line of thought here for hls too.
> a file with avi/mkv/mov/mxf/mpg/mp4 extension is not a hls playlist
> Could someone have added that extension by mistake, yes
> similarly your jar file could be named .pdf by mistake. But that's not
> a good default assumption and I don't think anyone would assume that
> by default.
>
> thx
>
> [...]

But if the application expects an HLS playlist would it really be a problem if the input file ends with .avi or some other extension? The probe function just doesn't know what the application expects. Expectation and actual input type are aligned after probe.

Regards,
Tobias