[vlc-devel] [PATCH] Revert "Made http-continuous option safe."

RĂ©mi Denis-Courmont remi at remlab.net
Wed Mar 27 17:23:08 CET 2019

As seen 3 years ago with libavformat concat, concatenating streams
leads to interesting security issues such as data exfiltration.
http-continuous is essentially concatenating multiple HTTP resources.

This makes the concatenation-controlling option unsafe as is already
done within the VLC concat module.

This reverts commit b6c17b225587f750737204335f74ec00142bc758.
 modules/access/http/access.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/modules/access/http/access.c b/modules/access/http/access.c
index bda906b47b..97f0e7f1f1 100644
--- a/modules/access/http/access.c
+++ b/modules/access/http/access.c
@@ -298,7 +298,6 @@ vlc_module_begin()
     add_bool("http-continuous", false, N_("Continuous stream"),
              N_("Keep reading a resource that keeps being updated."), true)
-        change_safe()
     add_bool("http-forward-cookies", true, N_("Cookies forwarding"),
              N_("Forward cookies across HTTP redirections."), true)

More information about the vlc-devel mailing list