[vlc-devel] commit: http: limit the number of redirection we can follow. ( Rémi Duraffort )

git version control git at videolan.org
Tue Jul 7 10:35:17 CEST 2009


vlc | branch: master | Rémi Duraffort <ivoire at videolan.org> | Sat Jul  4 15:26:20 2009 +0200| [322eab0c2df0dc4a39388114b2382e3ee0e16cf6] | committer: Rémi Duraffort 

http: limit the number of redirection we can follow.

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=322eab0c2df0dc4a39388114b2382e3ee0e16cf6
---

 modules/access/http.c |   25 +++++++++++++++++++++++--
 1 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/modules/access/http.c b/modules/access/http.c
index 7967781..d8398ea 100644
--- a/modules/access/http.c
+++ b/modules/access/http.c
@@ -95,6 +95,9 @@ static void Close( vlc_object_t * );
 #define FORWARD_COOKIES_TEXT N_("Forward Cookies")
 #define FORWARD_COOKIES_LONGTEXT N_("Forward Cookies across http redirections.")
 
+#define MAX_REDIRECT_TEXT N_("Max number of redirection")
+#define MAX_REDIRECT_LONGTEXT N_("Limit the number of redirection to follow.")
+
 vlc_module_begin ()
     set_description( N_("HTTP input") )
     set_capability( "access", 0 )
@@ -118,6 +121,8 @@ vlc_module_begin ()
         change_safe()
     add_bool( "http-forward-cookies", true, NULL, FORWARD_COOKIES_TEXT,
               FORWARD_COOKIES_LONGTEXT, true )
+    add_integer( "http-max-redirect", 5, NULL, MAX_REDIRECT_TEXT,
+                 MAX_REDIRECT_LONGTEXT, true )
     add_obsolete_string("http-user")
     add_obsolete_string("http-pwd")
     add_shortcut( "http" )
@@ -206,6 +211,7 @@ struct access_sys_t
 
 /* */
 static int OpenWithCookies( vlc_object_t *p_this, const char *psz_access,
+                            int i_nb_redirect, int i_max_redirect,
                             vlc_array_t *cookies );
 
 /* */
@@ -240,7 +246,8 @@ static void AuthReset( http_auth_t *p_auth );
 static int Open( vlc_object_t *p_this )
 {
     access_t *p_access = (access_t*)p_this;
-    return OpenWithCookies( p_this, p_access->psz_access, NULL );
+    return OpenWithCookies( p_this, p_access->psz_access, 0,
+                var_CreateGetInteger( p_access, "http-max-redirect" ), NULL );
 }
 
 /**
@@ -248,15 +255,19 @@ static int Open( vlc_object_t *p_this )
  * @param p_this: the vlc object
  * @psz_access: the acces to use (http, https, ...) (this value must be used
  *              instead of p_access->psz_access)
+ * @i_nb_redirect: the number of redirection already done
+ * @i_max_redirect: limit to the number of redirection to follow
  * @cookies: the available cookies
  * @return vlc error codes
  */
 static int OpenWithCookies( vlc_object_t *p_this, const char *psz_access,
+                            int i_nb_redirect, int i_max_redirect,
                             vlc_array_t *cookies )
 {
     access_t     *p_access = (access_t*)p_this;
     access_sys_t *p_sys;
     char         *psz, *p;
+
     /* Only forward an store cookies if the corresponding option is activated */
     bool   b_forward_cookies = var_CreateGetBool( p_access, "http-forward-cookies" );
     vlc_array_t * saved_cookies = b_forward_cookies ? (cookies ? cookies : vlc_array_new()) : NULL;
@@ -483,6 +494,15 @@ connect:
     {
         msg_Dbg( p_access, "redirection to %s", p_sys->psz_location );
 
+        /* Check the number of redirection already done */
+        if( i_nb_redirect >= i_max_redirect )
+        {
+            msg_Err( p_access, "Too many redirection: break potential infinite"
+                     "loop" );
+            goto error;
+        }
+
+
         /* Do not accept redirection outside of HTTP works */
         const char *psz_protocol;
         if( !strncmp( p_sys->psz_location, "http:", 5 ) )
@@ -515,7 +535,8 @@ connect:
         free( p_sys );
 
         /* Do new Open() run with new data */
-        return OpenWithCookies( p_this, psz_protocol, cookies );
+        return OpenWithCookies( p_this, psz_protocol, i_nb_redirect + 1,
+                                i_max_redirect, cookies );
     }
 
     if( p_sys->b_mms )




More information about the vlc-devel mailing list