* [FFmpeg-devel] [PATCH] avformat/libsrt: Decode URL parameter strings @ 2023-08-10 16:13 Armin Hasitzka 2023-08-11 2:55 ` "zhilizhao(赵志立)" 0 siblings, 1 reply; 3+ messages in thread From: Armin Hasitzka @ 2023-08-10 16:13 UTC (permalink / raw) To: FFmpeg development discussions and patches [-- Attachment #1: Type: text/plain, Size: 777 bytes --] Hi again, we found this the other day when using a stream ID containing "%2F", expecting this to be resolved to "/". While "%2F" could obviously be sent decoded, "&" (decoded) would currently end the value and not be used, "+" (decoded) would be overwritten with " ", and "=" (decoded) could cause entirely unexpected outcomes (albeit all these characters being allowed by SRT for various string inputs). As for changing `av_strndup` to `ff_urldecode` (which removes a length check); I don't think that this particular length check added any protection (`av_find_info_tag` adds a trailing `\0` if found). This thinking is also evident at the two other places where `ff_urldecode` replaced `av_strdup`. It would be amazing if we could get this merged upstream :) Best Armin [-- Attachment #2: 0001-avformat-libsrt-Decode-URL-parameter-strings.patch --] [-- Type: application/octet-stream, Size: 1920 bytes --] [-- Attachment #3: Type: text/plain, Size: 251 bytes --] _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [FFmpeg-devel] [PATCH] avformat/libsrt: Decode URL parameter strings 2023-08-10 16:13 [FFmpeg-devel] [PATCH] avformat/libsrt: Decode URL parameter strings Armin Hasitzka @ 2023-08-11 2:55 ` "zhilizhao(赵志立)" 2023-08-11 15:54 ` Armin Hasitzka 0 siblings, 1 reply; 3+ messages in thread From: "zhilizhao(赵志立)" @ 2023-08-11 2:55 UTC (permalink / raw) To: FFmpeg development discussions and patches > On Aug 11, 2023, at 00:13, Armin Hasitzka <armin@grabyo.com> wrote: > > Hi again, > > we found this the other day when using a stream ID containing "%2F", > expecting this to be resolved to "/". While "%2F" could obviously be sent > decoded, "&" (decoded) would currently end the value and not be used, "+" > (decoded) would be overwritten with " ", and "=" (decoded) could cause > entirely unexpected outcomes (albeit all these characters being allowed by > SRT for various string inputs). > > As for changing `av_strndup` to `ff_urldecode` (which removes a length > check); I don't think that this particular length check added any > protection (`av_find_info_tag` adds a trailing `\0` if found). This > thinking is also evident at the two other places where `ff_urldecode` > replaced `av_strdup`. > > It would be amazing if we could get this merged upstream :) > Thanks for the contribution, but the issue is kind of complex. 1. The format of streamid isn’t take URL into consideration "#!::u=admin,r=foo” 2. Obviously some implementation and usecases depend on these fields to be passed directly without URL encoding/decoding. The same issue has been filed to srt again and again, ref. https://github.com/Haivision/srt/issues/2749 and #1871, #1173, #2015. I think we shouldn’t put these fields into URL at the first place. Now doing any change, even if it’s technically correct, will make regression issues. I have no idea to improve the code. But it’s easy to solve from the user’s point of view: don’t set these fields via URL, just use options. These is no implementation dependent behavior with options. > --- > libavformat/libsrt.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c > index cd8f5b1e7d..8986616334 100644 > --- a/libavformat/libsrt.c > +++ b/libavformat/libsrt.c > @@ -32,6 +32,7 @@ > #include "network.h" > #include "os_support.h" > #include "url.h" > +#include "urldecode.h" > > /* This is for MPEG-TS and it's a default SRTO_PAYLOADSIZE for SRTT_LIVE (8 TS packets) */ > #ifndef SRT_LIVE_DEFAULT_PAYLOAD_SIZE > @@ -547,7 +548,7 @@ static int libsrt_open(URLContext *h, const char *uri, int flags) > } > if (av_find_info_tag(buf, sizeof(buf), "passphrase", p)) { > av_freep(&s->passphrase); > - s->passphrase = av_strndup(buf, strlen(buf)); > + s->passphrase = ff_urldecode(buf, 0); > } > #if SRT_VERSION_VALUE >= 0x010302 > if (av_find_info_tag(buf, sizeof(buf), "enforced_encryption", p)) { > @@ -632,7 +633,7 @@ static int libsrt_open(URLContext *h, const char *uri, int flags) > } > if (av_find_info_tag(buf, sizeof(buf), "streamid", p)) { > av_freep(&s->streamid); > - s->streamid = av_strdup(buf); > + s->streamid = ff_urldecode(buf, 0); > if (!s->streamid) { > ret = AVERROR(ENOMEM); > goto err; > @@ -640,7 +641,7 @@ static int libsrt_open(URLContext *h, const char *uri, int flags) > } > if (av_find_info_tag(buf, sizeof(buf), "smoother", p)) { > av_freep(&s->smoother); > - s->smoother = av_strdup(buf); > + s->smoother = ff_urldecode(buf, 0); > if(!s->smoother) { > ret = AVERROR(ENOMEM); > goto err; > -- > 2.41.0 > > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [FFmpeg-devel] [PATCH] avformat/libsrt: Decode URL parameter strings 2023-08-11 2:55 ` "zhilizhao(赵志立)" @ 2023-08-11 15:54 ` Armin Hasitzka 0 siblings, 0 replies; 3+ messages in thread From: Armin Hasitzka @ 2023-08-11 15:54 UTC (permalink / raw) To: FFmpeg development discussions and patches I think accepting URL params in first place isn't inherently bad (depending on the use case, it might make certain interactions easier). I expected regressions to be brought up and just want to point out that, while absolutely possible, actual regressions will likely be fairly rare: - any "unencoded" characters will continue to work (eg "/" passed in will continue to be "/") - usage of "+" and "&" will cause unintended behaviour already ("=" _might_ cause unintended behaviour today) - the main regression comes from "%.." substrings that are _not_ meant to be url URL encoded but happen to be that and will now be turned into something else Because of this, I did not expect this patch to make it into any patch or minor release. We were hoping though, that this would be a contender for the next major one. On Fri, 11 Aug 2023 at 03:55, "zhilizhao(赵志立)" <quinkblack@foxmail.com> wrote: > > > > On Aug 11, 2023, at 00:13, Armin Hasitzka <armin@grabyo.com> wrote: > > > > Hi again, > > > > we found this the other day when using a stream ID containing "%2F", > > expecting this to be resolved to "/". While "%2F" could obviously be sent > > decoded, "&" (decoded) would currently end the value and not be used, "+" > > (decoded) would be overwritten with " ", and "=" (decoded) could cause > > entirely unexpected outcomes (albeit all these characters being allowed > by > > SRT for various string inputs). > > > > As for changing `av_strndup` to `ff_urldecode` (which removes a length > > check); I don't think that this particular length check added any > > protection (`av_find_info_tag` adds a trailing `\0` if found). This > > thinking is also evident at the two other places where `ff_urldecode` > > replaced `av_strdup`. > > > > It would be amazing if we could get this merged upstream :) > > > > Thanks for the contribution, but the issue is kind of complex. > > 1. The format of streamid isn’t take URL into consideration > > "#!::u=admin,r=foo” > > 2. Obviously some implementation and usecases depend on these fields to > be passed directly without URL encoding/decoding. > > The same issue has been filed to srt again and again, ref. > > https://github.com/Haivision/srt/issues/2749 > > and #1871, #1173, #2015. > > I think we shouldn’t put these fields into URL at the first place. > Now doing any change, even if it’s technically correct, will make > regression issues. > > I have no idea to improve the code. But it’s easy to solve from the > user’s point of view: don’t set these fields via URL, just use options. > These is no implementation dependent behavior with options. > > > --- > > libavformat/libsrt.c | 7 ++++--- > > 1 file changed, 4 insertions(+), 3 deletions(-) > > > > diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c > > index cd8f5b1e7d..8986616334 100644 > > --- a/libavformat/libsrt.c > > +++ b/libavformat/libsrt.c > > @@ -32,6 +32,7 @@ > > #include "network.h" > > #include "os_support.h" > > #include "url.h" > > +#include "urldecode.h" > > > > /* This is for MPEG-TS and it's a default SRTO_PAYLOADSIZE for > SRTT_LIVE (8 TS packets) */ > > #ifndef SRT_LIVE_DEFAULT_PAYLOAD_SIZE > > @@ -547,7 +548,7 @@ static int libsrt_open(URLContext *h, const char > *uri, int flags) > > } > > if (av_find_info_tag(buf, sizeof(buf), "passphrase", p)) { > > av_freep(&s->passphrase); > > - s->passphrase = av_strndup(buf, strlen(buf)); > > + s->passphrase = ff_urldecode(buf, 0); > > } > > #if SRT_VERSION_VALUE >= 0x010302 > > if (av_find_info_tag(buf, sizeof(buf), "enforced_encryption", > p)) { > > @@ -632,7 +633,7 @@ static int libsrt_open(URLContext *h, const char > *uri, int flags) > > } > > if (av_find_info_tag(buf, sizeof(buf), "streamid", p)) { > > av_freep(&s->streamid); > > - s->streamid = av_strdup(buf); > > + s->streamid = ff_urldecode(buf, 0); > > if (!s->streamid) { > > ret = AVERROR(ENOMEM); > > goto err; > > @@ -640,7 +641,7 @@ static int libsrt_open(URLContext *h, const char > *uri, int flags) > > } > > if (av_find_info_tag(buf, sizeof(buf), "smoother", p)) { > > av_freep(&s->smoother); > > - s->smoother = av_strdup(buf); > > + s->smoother = ff_urldecode(buf, 0); > > if(!s->smoother) { > > ret = AVERROR(ENOMEM); > > goto err; > > -- > > 2.41.0 > > > > > > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-08-11 15:54 UTC | newest] Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2023-08-10 16:13 [FFmpeg-devel] [PATCH] avformat/libsrt: Decode URL parameter strings Armin Hasitzka 2023-08-11 2:55 ` "zhilizhao(赵志立)" 2023-08-11 15:54 ` Armin Hasitzka
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel This inbox may be cloned and mirrored by anyone: git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \ ffmpegdev@gitmailbox.com public-inbox-index ffmpegdev Example config snippet for mirrors. AGPL code for this site: git clone https://public-inbox.org/public-inbox.git