mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2025-01-08 13:22:53 +02:00
Mirror of https://git.ffmpeg.org/ffmpeg.git
e447d3143f
This reduces the attack surface of local file-system
information leaking.
It prevents the existing exploit leading to an information leak. As
well as similar hypothetical attacks.
Leaks of information from files and symlinks ending in common multimedia extensions
are still possible. But files with sensitive information like private keys and passwords
generally do not use common multimedia filename extensions.
It does not stop leaks via remote addresses in the LAN.
The existing exploit depends on a specific decoder as well.
It does appear though that the exploit should be possible with any decoder.
The problem is that as long as sensitive information gets into the decoder,
the output of the decoder becomes sensitive as well.
The only obvious solution is to prevent access to sensitive information. Or to
disable hls or possibly some of its feature. More complex solutions like
checking the path to limit access to only subdirectories of the hls path may
work as an alternative. But such solutions are fragile and tricky to implement
portably and would not stop every possible attack nor would they work with all
valid hls files.
Developers have expressed their dislike / objected to disabling hls by default as well
as disabling hls with local files. There also where objections against restricting
remote url file extensions. This here is a less robust but also lower
inconvenience solution.
It can be applied stand alone or together with other solutions.
limiting the check to local files was suggested by nevcairiel
This recommits the security fix without the author name joke which was
originally requested by Nicolas.
Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit
|
||
|---|---|---|
| compat | ||
| doc | ||
| libavcodec | ||
| libavdevice | ||
| libavfilter | ||
| libavformat | ||
| libavresample | ||
| libavutil | ||
| libpostproc | ||
| libswresample | ||
| libswscale | ||
| presets | ||
| tests | ||
| tools | ||
| .gitattributes | ||
| .gitignore | ||
| arch.mak | ||
| Changelog | ||
| cmdutils_common_opts.h | ||
| cmdutils_opencl.c | ||
| cmdutils.c | ||
| cmdutils.h | ||
| common.mak | ||
| configure | ||
| COPYING.GPLv2 | ||
| COPYING.GPLv3 | ||
| COPYING.LGPLv2.1 | ||
| COPYING.LGPLv3 | ||
| CREDITS | ||
| ffmpeg_dxva2.c | ||
| ffmpeg_filter.c | ||
| ffmpeg_opt.c | ||
| ffmpeg_vdpau.c | ||
| ffmpeg_videotoolbox.c | ||
| ffmpeg.c | ||
| ffmpeg.h | ||
| ffplay.c | ||
| ffprobe.c | ||
| ffserver_config.c | ||
| ffserver_config.h | ||
| ffserver.c | ||
| INSTALL.md | ||
| library.mak | ||
| LICENSE.md | ||
| MAINTAINERS | ||
| Makefile | ||
| README.md | ||
| RELEASE | ||
| RELEASE_NOTES | ||
| version.sh | ||
FFmpeg README
FFmpeg is a collection of libraries and tools to process multimedia content such as audio, video, subtitles and related metadata.
Libraries
libavcodecprovides implementation of a wider range of codecs.libavformatimplements streaming protocols, container formats and basic I/O access.libavutilincludes hashers, decompressors and miscellaneous utility functions.libavfilterprovides a mean to alter decoded Audio and Video through chain of filters.libavdeviceprovides an abstraction to access capture and playback devices.libswresampleimplements audio mixing and resampling routines.libswscaleimplements color conversion and scaling routines.
Tools
- ffmpeg is a command line toolbox to manipulate, convert and stream multimedia content.
- ffplay is a minimalistic multimedia player.
- ffprobe is a simple analysis tool to inspect multimedia content.
- ffserver is a multimedia streaming server for live broadcasts.
- Additional small tools such as
aviocat,ismindexandqt-faststart.
Documentation
The offline documentation is available in the doc/ directory.
The online documentation is available in the main website and in the wiki.
Examples
Coding examples are available in the doc/examples directory.
License
FFmpeg codebase is mainly LGPL-licensed with optional components licensed under GPL. Please refer to the LICENSE file for detailed information.