[vlc-devel] [PATCH] Mark some options as safe

Rémi Denis-Courmont rem at videolan.org
Mon Mar 23 03:41:50 CET 2009

Le Sunday 22 March 2009 17:39:21 Laurent Aimar, vous avez écrit :
> On Wed, Mar 11, 2009, Frederik Kriewitz wrote:
> > The Patch is marking some options, which are commonly needed if VLC
> > is used as a streaming client, to be safe to allow usage in playlists.
>  I have commited some of them in [b6c17b225587f750737204335f74ec00142bc758]
> and [46fc27734fffaa81e6dde39d8be7dc276e639edb]
>  About the rtp ones, I will let courmisch review them (at least some seems
> safe).

max-src is useful, although large number might DoS the receiver. There are 
countless way you can DoS the receiver with nasty inputs, so that seems 
acceptable. misorder, dropout, key and salt are fine. I guess timeout is OK 
too. rtcp-port is already whitelisted.

>  About http-reconnect, it may create DOS at first glance. Someone would
> need to review the code and confirm it or not.

I think, we would need a backoff scheme first, e.g. exponential backoff. In 
fact, we need backoff anyway. --http-reconnect in its current form is really 
stupid, harmful and broken.

Rémi Denis-Courmont

More information about the vlc-devel mailing list