203 Commits

Author SHA1 Message Date
Jun Zhao
6f82bf9dd3 lavf/hls: More log message
More log messages; this will help the debugging

Reviewed-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2019-06-14 13:21:38 +08:00
Steven Liu
bee0fba7e6 avformat/hls: add http 2.0 version number compare for the http_multiple
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2019-06-14 10:53:35 +08:00
Steven Liu
5d0652916f avformat/hls: avformat_find_stream_info when the audio list in the variant
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2019-06-14 10:53:29 +08:00
Jun Zhao
1e7a8b92ee lavf/hls: Update av_log() log message
Pass the correct pointer to av_log() and update some error/warning messages;
this will help the debugging

Reviewed-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2019-06-07 11:30:15 +08:00
Jun Zhao
d6489ddb7a lavf/hls: Remove HLSContext.strict_std_compliance field
After the commit 9f61abc811, we can use AVFormatContext.strict_std_compliance
instead of HLSContext.strict_std_compliance to avoid the code redundancy.

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2019-04-27 15:49:26 +08:00
Jun Zhao
abfeba9724 lavf/hls: Cleanup the applehttp
Clean up applehttp as a demuxer name. When using the command

ffmpeg -formats, we get confusing information like:
"
 E hls             Apple HTTP Live Streaming
D  hls,applehttp   Apple HTTP Live Streaming
"
We don't usually use applehttp as the demuxer/muxer name, so
clean up applehttp and update the documents.

After the change, the information from "ffmpeg -formats" is:
"
DE hls             Apple HTTP Live Streaming
"

Reviewed-by: Steven Liu <lq@onvideo.cn>
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2019-04-15 21:36:45 +08:00
Steven Liu
326cec3771 avformat/hls: make different warning message between open url and parse playlist
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2019-04-02 12:11:47 +08:00
Carl Eugen Hoyos
4d8875ec23 lavf: Constify the probe function argument.
Reviewed-by: Lauri Kasanen
Reviewed-by: Tomas Härdin
2019-03-21 11:42:17 +01:00
Carl Eugen Hoyos
3aa6208db9 lavf: Constify AVInputFormat pointer.
2019-03-20 18:52:38 +01:00
Jun Zhao
32fb83e431 lavc/hls: Cosmetics: Fix indentation for free_segment_list
Commit 673d8cfd51 missed the indent

Signed-off-by: Jun Zhao <mypopydev@gmail.com>
2019-01-19 10:13:19 +08:00
vkot
3ee735901e avformat/hls.c: Properly free prev_segments dynarray after playlist parsing
2018-12-26 19:22:11 +08:00
Steven Liu
9e61141905 avformat/hls: support decryption AES128 fmp4 m3u8 list
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2018-08-22 19:15:15 +08:00
Aman Gupta
673d8cfd51 avformat/hls: fix seeking around EVENT playlist after media sequence changes
The seek functions use first_timestamp, so keep that up to date as
old segments drop off the playlist.

Signed-off-by: Aman Gupta <aman@tmm1.net>
2018-05-16 10:19:34 -07:00
wm4
1d642ebfdb avformat/hls: don't propagate deprecated "user-agent" AVOption
This code will print a warning if any user agent is set - even if the
API user used the proper non-deprecated "user_agent" option.

This change should not even break anything, because even if the user
sets the deprecated "user-agent" option, http.c copies it to the
"user_agent" option anyway.
2018-05-04 14:16:38 +02:00
Steven Liu
223f3dff8c avformat/hls: remove redundant code
Suggested-by: Richard Shaffer <rshaffer@tunein.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2018-04-18 11:22:23 +08:00
Richard Shaffer
c116221d90 avformat/hls: clean up duplicate option fields
The HLSContext struct contains fields which duplicate the data stored in the
avio_opts field. This change removes those fields in favor of avio_opts, and
updates the code accordingly.
The original patch caused the buffer pointed to by new_cookies in open_url to be
leaked. The only thing that buffer is used for is to store the value until it
can be passed to av_dict_set. To fix the leak, v2 of the patch simply calls
av_dict_set with the AV_DICT_DONT_STRDUP_VAL flag, so that the dictionary takes
ownership of the memory instead of copying it again.

Reviewed-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Richard Shaffer <rshaffer@tunein.com>
2018-04-17 14:40:06 +08:00
Richard Shaffer
6a1be7561c avformat/hls: copy rw_timeout from parent to child AVIOContexts.
The rw_timeout option is currently not applied when opening media playlist,
segment, or encryption key URLs. This can cause the HLS demuxer to block
indefinitely, even when the rw_timeout option has been specified. This change
simply enables carrying over the rw_timeout option when the demuxer opens these
URLs.

Reviewed-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Richard Shaffer <rshaffer@tunein.com>
2018-04-17 14:39:26 +08:00
Steven Liu
0b3c1854cb Revert "avformat/hls: copy rw_timeout from parent to child AVIOContexts."
This reverts commit 36deec010c.
2018-04-17 14:33:36 +08:00
Steven Liu
36deec010c avformat/hls: copy rw_timeout from parent to child AVIOContexts.
The rw_timeout option is currently not applied when opening media playlist,
segment, or encryption key URLs. This can cause the HLS demuxer to block
indefinitely, even when the rw_timeout option has been specified. This change
simply enables carrying over the rw_timeout option when the demuxer opens these
URLs.

Reviewed-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Richard Shaffer <rshaffer@tunein.com>
2018-04-17 14:25:07 +08:00
Steven Liu
6fbfb20faf avformat/hls: remove redundant code
Reviewed-by: Jun Zhao <mypopydev@gmail.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2018-04-17 13:16:33 +08:00
Jun Zhao
0e49118271 lavf/hls: use ff_get_chomp_line
Signed-off-by: Jun Zhao <mypopydev@gmail.com>
2018-04-12 16:04:58 +08:00
Jun Zhao
51e3010575 lavf/hls: Remove the dead code in parse_playlist()
Signed-off-by: Jun Zhao <mypopydev@gmail.com>
Reviewed-by: Steven Liu <lq@onvideo.cn>
2018-04-04 11:04:56 +08:00
Richard Shaffer
651d5f9639 avformat/hls: Support metadata updates from subdemuxers
If a subdemuxer has the updated metadata event flag set, the metadata is copied
to the corresponding stream. The flag is cleared on the subdemuxer and the
appropriate event flag is set on the stream.

Signed-off-by: wm4 <nfxjfg@googlemail.com>
2018-02-07 12:33:37 +01:00
Steven Liu
b1af0e23a3 avformat/hls: store referer message in HLS http request
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2018-02-01 10:57:29 +08:00
Marton Balint
45ec2e44be avformat/hls: migrate to AVFormatContext->url
Signed-off-by: Marton Balint <cus@passwd.hu>
2018-01-28 23:06:43 +01:00
wm4
23ffeb91fe hls: don't print a certain warning if playlist loading is aborted
AVERROR_EXIT happens when the user's interrupt callback signals that
playback should be aborted. In this case, the demuxer shouldn't print a
warning, as it's expected that all network accesses are stopped.
2018-01-27 04:10:52 +01:00
wm4
6194d7e564 avformat, hls: add a flag to signal unavailability of seeking
The seek function can just return an error if seeking is unavailable,
but often this is too late. Add a flag that signals that the stream is
unseekable, and use it in HLS.
2018-01-27 04:10:52 +01:00
wm4
637dfa3942 hls: do not allow fallback to generic seeking
This makes little sense due to how HLS works, and only causes some
additional annoyances if the HLS read_seek function fails (for example
if it's a live stream). It was most likely unintended.
2018-01-27 04:10:52 +01:00
Steven Liu
2906363d1b avformat/hls: release mem resource to fix memleak
fix CID: 1426991

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Aman Gupta <aman@tmm1.net>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2017-12-31 10:43:54 -08:00
Aman Gupta
97b89432e4 avformat/hls: ignore http_persistent for segments requiring crypto
Encrypted HLS segments have regular http:// urls, but open_input()
actually prefixes them with crypto+ before calling open_url(), so
they end up using the crypto protocol and not the http protocol.

This means invoking ff_http_do_new_request will fail, so we avoid
calling it in the first place. After the earlier http.c commit,
the failure results in a warning printed to the user. In earlier
versions, the failure would cause a segfault.

Signed-off-by: Aman Gupta <aman@tmm1.net>
2017-12-30 21:07:55 -08:00
Aman Gupta
1dd82edea5 avformat/hls: enable http_multiple only for http/1.1 servers
Some http/1.0 implementations, like python's SimpleHTTPServer, can only support one client connection at a time. Making a second request while the first is still connected leads to a deadlock.

This change enables multiple connections for http/1.1 servers only, which need to support keepalive by default and should have no problem with concurrent requests.

Signed-off-by: Aman Gupta <aman@tmm1.net>
2017-12-26 14:53:19 -08:00
Aman Gupta
ac19e63b18 avformat/hls: respect http_persistent only for http playlist urls
Fixes a segfault when reading a live playlist (without end tag) from non-http url (like a file on disk).

Signed-off-by: Aman Gupta <aman@tmm1.net>
2017-12-26 14:48:14 -08:00
Aman Gupta
a232a72d77 avformat/hls: return AVERROR_PROTOCOL_NOT_FOUND when http protocol is not available
Fixes compile error when building with network or protocols disabled.

This code would never be reached (because the demuxer fails much earlier on http playlists or segments), so it doesn't matter much what we do here as long as it compiles.

Signed-off-by: Aman Gupta <aman@tmm1.net>
2017-12-26 14:48:13 -08:00
Aman Gupta
2f9ca64556 avformat/hls: remove repeated http proto_name checks in open_url()
Signed-off-by: Aman Gupta <aman@tmm1.net>
2017-12-26 14:48:13 -08:00
Aman Gupta
207e98b4e5 avformat/hls: fix SEGV in previous commit
Signed-off-by: Aman Gupta <aman@tmm1.net>
2017-12-24 12:31:27 -08:00
Aman Gupta
b33cf73507 avformat/hls: fix memory leak with non-http segments
Signed-off-by: Aman Gupta <aman@tmm1.net>
2017-12-24 11:59:32 -08:00
Aman Gupta
3d95868d1b avformat/hls: fix CID 1426930
Signed-off-by: Aman Gupta <aman@tmm1.net>
2017-12-24 11:58:30 -08:00
Aman Gupta
5f4a32a6e3 avformat/hls: hide misleading warning when http reconnect is required
AVERROR_EOF is an internal error which means the http socket is no longer
valid for new requests. It informs the caller that a new connection must
be established, and as such does not need to be surfaced to the user as
a warning.

Signed-off-by: Aman Gupta <aman@tmm1.net>
2017-12-22 16:41:41 -08:00
Aman Gupta
1f0eaa02aa avformat/hls: add http_multiple option
This improves network throughput of the hls demuxer by avoiding
the latency introduced by downloading segments one at a time.

The problem is particularly noticeable over high-latency network
connections: for instance, if RTT is 250ms, there will be a 250ms idle
period between when one segment response is read and the next one
starts.

The obvious solution to this is to use HTTP pipelining, where a
second request can be sent (on the persistent http/1.1 connection)
before the first response is fully read. Unfortunately the way the
http protocol is implemented in avformat makes implementing pipelining
very complex.

Instead, this commit simulates pipelining using two separate persistent
http connections. This has the advantage of working independently of
the http_persistent option, and can be used with http/1.0 servers as
well. The pair of connections is swapped every time a new segment starts
downloading, and a request for the next segment is sent on the secondary
connection right away. This means the second response will be ready and
waiting by the time the current response is fully read.

Signed-off-by: Aman Gupta <aman@tmm1.net>
Signed-off-by: Anssi Hannula <anssi.hannula@iki.fi>
2017-12-22 14:42:50 -08:00
Aman Gupta
03765aa6fa avformat/hls: allow open_input to be re-used
Signed-off-by: Aman Gupta <aman@tmm1.net>
Signed-off-by: Anssi Hannula <anssi.hannula@iki.fi>
2017-12-22 14:42:50 -08:00
Aman Gupta
b7d6c0cd48 avformat/hls: add http_persistent option
This teaches the HLS demuxer to use the HTTP protocol's
multiple_requests=1 option, to take advantage of "Connection:
Keep-Alive" when downloading playlists and segments from the HLS server.

With the new option, you can avoid TCP connection and TLS negotiation
overhead, which is particularly beneficial when streaming via a
high-latency internet connection.

Similar to the http_persistent option recently implemented in hlsenc.c

Signed-off-by: Aman Gupta <aman@tmm1.net>
Signed-off-by: Anssi Hannula <anssi.hannula@iki.fi>
2017-12-22 14:42:50 -08:00
Anssi Hannula
143552095d avformat/hls: Obey AVProgram discard flags
Currently HLS demuxer only obeys AVStream discard flags but not
AVProgram (which bandwidth variants appear as) discard flags.

Fix that.
2017-11-28 12:47:42 +02:00
Anssi Hannula
1dff9adcb9 avformat/hls: Factor playlist need check to a common function
2017-11-28 12:30:31 +02:00
James Almer
318778de9e Merge commit 'fd9212f2edfe9b107c3c08ba2df5fd2cba5ab9e3'
* commit 'fd9212f2edfe9b107c3c08ba2df5fd2cba5ab9e3':
  Mark some arrays that never change as const.

Merged-by: James Almer <jamrial@gmail.com>
2017-09-26 16:02:40 -03:00
Michael Niedermayer
7ec414892d avformat/hls: Fix DoS due to infinite loop
Fixes: loop.m3u

The default max iteration count of 1000 is arbitrary and ideas for a better solution are welcome

Found-by: Xiaohei and Wangchu from Alibaba Security Team

Previous version reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-27 19:19:00 +02:00
Michael Niedermayer
189ff42196 avformat/hls: Check local file extensions
This reduces the attack surface of local file-system
information leaking.

It prevents the existing exploit leading to an information leak, as
well as similar hypothetical attacks.

Leaks of information from files and symlinks ending in common multimedia extensions
are still possible. But files with sensitive information like private keys and passwords
generally do not use common multimedia filename extensions.
It does not stop leaks via remote addresses in the LAN.

The existing exploit depends on a specific decoder as well.
It does appear though that the exploit should be possible with any decoder.
The problem is that as long as sensitive information gets into the decoder,
the output of the decoder becomes sensitive as well.
The only obvious solution is to prevent access to sensitive information, or to
disable hls or possibly some of its features. More complex solutions like
checking the path to limit access to only subdirectories of the hls path may
work as an alternative. But such solutions are fragile and tricky to implement
portably and would not stop every possible attack nor would they work with all
valid hls files.

Developers have expressed their dislike / objected to disabling hls by default as well
as disabling hls with local files. There also were objections against restricting
remote url file extensions. This here is a less robust but also lower
inconvenience solution.
It can be applied standalone or together with other solutions.
Limiting the check to local files was suggested by nevcairiel

This recommits the security fix without the author name joke which was
originally requested by Nicolas.

Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu@google.com>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 13:55:01 +02:00
Michael Niedermayer
c0702ab830 Revert "avformat/hls: Check local file extensions"
Requested-by: Paul B Mahol <onemda@gmail.com>
This reverts commit caf7d6178a.
2017-06-05 13:55:01 +02:00
Sysiphus
caf7d6178a avformat/hls: Check local file extensions
This reduces the attack surface of local file-system
information leaking.

It prevents the existing exploit leading to an information leak, as
well as similar hypothetical attacks.

Leaks of information from files and symlinks ending in common multimedia extensions
are still possible. But files with sensitive information like private keys and passwords
generally do not use common multimedia filename extensions.
It does not stop leaks via remote addresses in the LAN.

The existing exploit depends on a specific decoder as well.
It does appear though that the exploit should be possible with any decoder.
The problem is that as long as sensitive information gets into the decoder,
the output of the decoder becomes sensitive as well.
The only obvious solution is to prevent access to sensitive information, or to
disable hls or possibly some of its features. More complex solutions like
checking the path to limit access to only subdirectories of the hls path may
work as an alternative. But such solutions are fragile and tricky to implement
portably and would not stop every possible attack nor would they work with all
valid hls files.

Developers have expressed their dislike / objected to disabling hls by default as well
as disabling hls with local files. There also were objections against restricting
remote url file extensions. This here is a less robust but also lower
inconvenience solution.
It can be applied standalone or together with other solutions.
Limiting the check to local files was suggested by nevcairiel

Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu@google.com>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 03:03:11 +02:00
Micah Galizia
c4c73020f4 libavformat/hls: Observe Set-Cookie headers
Signed-off-by: Micah Galizia <micahgalizia@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-29 02:00:08 +02:00
Clément Bœsch
ef01061225 lavf/hls: do not transfer custom IO flag
See 0dcac9c3f0
2017-05-22 17:31:32 +02:00