[vlc-devel] [PATCH] Mark some options as safe
Rémi Denis-Courmont
rem at videolan.org
Mon Mar 23 03:41:50 CET 2009
Le Sunday 22 March 2009 17:39:21 Laurent Aimar, vous avez écrit :
> On Wed, Mar 11, 2009, Frederik Kriewitz wrote:
> > The Patch is marking some options, which are commonly needed if VLC
> > is used as a streaming client, to be safe to allow usage in playlists.
>
> I have commited some of them in [b6c17b225587f750737204335f74ec00142bc758]
> and [46fc27734fffaa81e6dde39d8be7dc276e639edb]
>
> About the rtp ones, I will let courmisch review them (at least some seems
> safe).
max-src is useful, although large number might DoS the receiver. There are
countless way you can DoS the receiver with nasty inputs, so that seems
acceptable. misorder, dropout, key and salt are fine. I guess timeout is OK
too. rtcp-port is already whitelisted.
> About http-reconnect, it may create DOS at first glance. Someone would
> need to review the code and confirm it or not.
I think, we would need a backoff scheme first, e.g. exponential backoff. In
fact, we need backoff anyway. --http-reconnect in its current form is really
stupid, harmful and broken.
--
Rémi Denis-Courmont
More information about the vlc-devel
mailing list