Diffstat (limited to 'meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14058.patch')
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14058.patch | 94 |
1 files changed, 94 insertions, 0 deletions
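diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14058.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14058.patch
new file mode 100644
index 0000000000..95803cef55
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14058.patch
@@ -0,0 +1,94 @@
+From 7ec414892ddcad88313848494b6fc5f437c9ca4a Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 26 Aug 2017 01:26:58 +0200
+Subject: [PATCH] avformat/hls: Fix DoS due to infinite loop
+
+Fixes: loop.m3u
+
+The default max iteration count of 1000 is arbitrary and ideas for a better solution are welcome
+
+Found-by: Xiaohei and Wangchu from Alibaba Security Team
+
+Previous version reviewed-by: Steven Liu <lingjiujianke@gmail.com>
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2017-14058
+Upstream-Status: Backport
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+doc/demuxers.texi | 18 ++++++++++++++++++
+libavformat/hls.c | 7 +++++++
+2 files changed, 25 insertions(+)
+
+diff --git a/doc/demuxers.texi b/doc/demuxers.texi
+index 29a23d4..73dc0fe 100644
+--- a/doc/demuxers.texi
++++ b/doc/demuxers.texi
+@@ -300,6 +300,24 @@ used to end the output video at the length of the shortest input file,
+which in this case is @file{input.mp4} as the GIF in this example loops
+infinitely.
+
++@section hls
++
++HLS demuxer
++
++It accepts the following options:
++
++@table @option
++@item live_start_index
++segment index to start live streams at (negative values are from the end).
++
++@item allowed_extensions
++',' separated list of file extensions that hls is allowed to access.
++
++@item max_reload
++Maximum number of times a insufficient list is attempted to be reloaded.
++Default value is 1000.
++@end table
++
+@section image2
+
+Image file demuxer.
+diff --git a/libavformat/hls.c b/libavformat/hls.c
+index 01731bd..0995345 100644
+--- a/libavformat/hls.c
++++ b/libavformat/hls.c
+@@ -205,6 +205,7 @@ typedef struct HLSContext {
+AVDictionary *avio_opts;
+int strict_std_compliance;
+char *allowed_extensions;
++ int max_reload;
+} HLSContext;
+
+static int read_chomp_line(AVIOContext *s, char *buf, int maxlen)
+@@ -1263,6 +1264,7 @@ static int read_data(void *opaque, uint8_t *buf, int buf_size)
+HLSContext *c = v->parent->priv_data;
+int ret, i;
+int just_opened = 0;
++ int reload_count = 0;
+
+restart:
+if (!v->needed)
+@@ -1294,6 +1296,9 @@ restart:
+reload_interval = default_reload_interval(v);
+
+reload:
++ reload_count++;
++ if (reload_count > c->max_reload)
++ return AVERROR_EOF;
+if (!v->finished &&
+av_gettime_relative() - v->last_load_time >= reload_interval) {
+if ((ret = parse_playlist(c, v->url, v, NULL)) < 0) {
+@@ -2150,6 +2155,8 @@ static const AVOption hls_options[] = {
+OFFSET(allowed_extensions), AV_OPT_TYPE_STRING,
+{.str = "3gp,aac,avi,flac,mkv,m3u8,m4a,m4s,m4v,mpg,mov,mp2,mp3,mp4,mpeg,mpegts,ogg,ogv,oga,ts,vob,wav"},
+INT_MIN, INT_MAX, FLAGS},
++ {"max_reload", "Maximum number of times a insufficient list is attempted to be reloaded",
++ OFFSET(max_reload), AV_OPT_TYPE_INT, {.i64 = 1000}, 0, INT_MAX, FLAGS},
+{NULL}
+};
+
+--
+2.1.0
+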
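Review bot: In the backported libavformat/hls.c change at `reload:`, the new bound returns `AVERROR_EOF` with no log line, so a stream cut short by the limit looks the same as a playlist that ended normally; a line such as `av_log(v->parent, AV_LOG_WARNING, "max_reload (%d) exceeded\n", c->max_reload);` before the return would give operators something to alert on. Because `reload_count` is incremented before the comparison and the option's minimum is 0, `max_reload=0` appears to make the first pass through `reload:` return EOF, so the minimum should probably be 1, or doc/demuxers.texi should say what 0 means. `reload_count` is a local of `read_data`, so the cap applies per call rather than per playlist. The body of `read_data` continues outside the hunks shown, so whether that scope is intended needs confirming against the full function.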