From: Michael Niedermayer
Date: Sat, 20 Feb 2010 22:48:09 +0000 (+0000)
Subject: Do not attempt to open references through absolute pathes.
X-Git-Tag: v0.6~1202
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6a2459059e469fdb835ff4abcbc3bae9781116b3;p=platform%2Fupstream%2Flibav.git
Do not attempt to open references through absolute pathes. This would allow an attacker to test remotely if a local file exists. Originally committed as revision 21925 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
diff --git a/libavformat/mov.c b/libavformat/mov.c
index c5e3ec0..8cc1287 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1556,11 +1556,8 @@ static void mov_build_index(MOVContext *mov, AVStream *st)
 static int mov_open_dref(ByteIOContext **pb, char *src, MOVDref *ref)
 {
- /* try absolute path */
- if (!url_fopen(pb, ref->path, URL_RDONLY))
- return 0;
-
- /* try relative path */
+ /* try relative path, we do not try the absolute because it can leak information about our
+ system to an attacker */
 if (ref->nlvl_to > 0 && ref->nlvl_from > 0) {
 char filename[1024];
 char *src_path;
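Review bot: The relative branch kept in `mov_open_dref` still derives the name it opens from `ref->path`, `ref->nlvl_to` and `ref->nlvl_from`, which presumably come from the parsed file, so dropping the absolute attempt may not by itself close the file-existence check described in the commit message. The code that composes `filename` lies outside this hunk, so this is inferred: if it can emit parent-directory components, or copy a `ref->path` tail that contains `..`, the resolved name could presumably still leave the directory of `src`. I would reject such names before the open and state the boundary in the comment, for example `/* relative path only, and only below the directory of src: opening other paths lets a crafted file test whether local files exist */`. The added comment is also vaguer than the commit message about what leaks; naming "whether a local file exists" there would help the next reader judge later changes to this function.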