(Security) issue in FFMPEG posting HttpProxy as HTTP header - Basje - 2015-11-18
I don't want to cross post, but I do want to emphasize the security aspect of an issue I already posted on trac (http://trac.kodi.tv/ticket/16336). I posted it a while ago, but after some recent discussion with a colleague the conclusion was that the original issue might have a security related side effect.
The issue is that if you would specify a proxy in the url like this:
Code: http://something.com/somestream.m3u8|HttpProxy=http://user:[email protected]:8888
FFMPEG does not recognise it as a proxy value and posts it as HTTP header (because you can also add HTTP headers like this). So it will not use the proxy, but it will send the data as HTTP header. But the data might include the username and/or password for the proxy. That is something you don't want to send as an HTTP header.
I checked this on Kodi 15.x up until 16.0 B1 and they all have this issue.
RE: (Security) issue in FFMPEG posting HttpProxy as HTTP header - fritsch - 2015-11-18
Which assumption tells you - that this is the proper way to tell ffmpeg to use this as http Proxy?
If you feel this is an issue of ffmpeg -> file a bug with them. This has nothing to do with kodi.
RE: (Security) issue in FFMPEG posting HttpProxy as HTTP header - Basje - 2015-11-18
Well, it has been for over 2 years: https://github.com/xbmc/xbmc/pull/3682
And it worked like that for quite some time.
RE: (Security) issue in FFMPEG posting HttpProxy as HTTP header - ironic_monkey - 2015-11-18
Watch it fritsch
Protocol options are out invention. They should be filtered out though as ffmpeg does not handle http for us, rather filecurl does.
That being said problem is these are case sensitive. It is all lower, no caps.
RE: (Security) issue in FFMPEG posting HttpProxy as HTTP header - fritsch - 2015-11-18
Oh noes ... again another selfmade pain then ... yeah - not an ffmpeg but ... which was my point. I did not know about this other crap ...
out == our? :-(
RE: (Security) issue in FFMPEG posting HttpProxy as HTTP header - fritsch - 2015-11-18
Looking here: https://github.com/xbmc/xbmc/blob/master/xbmc/filesystem/CurlFile.cpp#L785 lower or upper or mixed should not make an issue.
@Basje: Add a CLog::Log(LOGNOTICE, "Param %s", name.c_str()); into the option parsing loop please and see why this is not parsed correctly.
RE: (Security) issue in FFMPEG posting HttpProxy as HTTP header - ironic_monkey - 2015-11-18
Ah missed the sneaky lowering on the same line. Out was our stupid phone kb..
RE: (Security) issue in FFMPEG posting HttpProxy as HTTP header - ironic_monkey - 2015-11-18
Option value needs to be url encoded of course
RE: (Security) issue in FFMPEG posting HttpProxy as HTTP header - fritsch - 2015-11-18
Looking at the code a bit further - it is quite fugly and spread all around the Code, URL, UrlOptions, CurlFile and so on - but it "looks not that insane"
Curious on the output his log will give. I think the splitting won't work according to UrlOptions we seem to expect something encoded.
RE: (Security) issue in FFMPEG posting HttpProxy as HTTP header - Basje - 2015-11-18
Ok, so I do see this line:
Code: 21:35:35 T:11300 DEBUG: Overriding proxy from URL parameter: http://127.0.0.1:8888/, type 0
which means that the
Code: void CCurlFile::SetStreamProxy(const std::string &proxy, ProxyType type)
is working, but after that the proxy seems to disappear. Here is my log starting from the logline above
Code: 21:35:35 T:11300 DEBUG: Overriding proxy from URL parameter: http://127.0.0.1:8888/, type 0
21:35:35 T:11300 INFO: XCURL::DllLibCurlGlobal::easy_aquire - Created session to http://svtplay12h-f.akamaihd.net
21:35:35 T:11300 DEBUG: CCurlFile::GetMimeType - http://svtplay12h-f.akamaihd.net/i/world/open/20151109/1368841-011A/EPISOD-1368841-011A-62725568035128d0_,892,144,252,360,540,1584,2700,.mp4.csmil/index_0_av.m3u8?null=|HttpProxy=http://127.0.0.1:8888 -> application/vnd.apple.mpegurl
21:35:35 T:11300 DEBUG: Loading settings for http://svtplay12h-f.akamaihd.net/i/world/open/20151109/1368841-011A/EPISOD-1368841-011A-62725568035128d0_,892,144,252,360,540,1584,2700,.mp4.csmil/index_0_av.m3u8?null=|HttpProxy=http://127.0.0.1:8888
21:35:35 T:11300 DEBUG: CPlayerCoreFactory::GetPlayers(http://svtplay12h-f.akamaihd.net/i/world/open/20151109/1368841-011A/EPISOD-1368841-011A-62725568035128d0_,892,144,252,360,540,1584,2700,.mp4.csmil/index_0_av.m3u8?null=|HttpProxy=http://127.0.0.1:8888)
21:35:35 T:11300 DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: system rules
21:35:35 T:11300 DEBUG: CPlayerSelectionRule::GetPlayers: matches rule: system rules
21:35:35 T:11300 DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: mms/udp
21:35:35 T:11300 DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: lastfm/shout
21:35:35 T:11300 DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: rtmp
21:35:35 T:11300 DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: rtsp
21:35:35 T:11300 DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: streams
21:35:35 T:11300 DEBUG: CPlayerSelectionRule::GetPlayers: matches rule: streams
21:35:35 T:11300 DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: aacp/sdp
21:35:35 T:11300 DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: mp2
21:35:35 T:11300 DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: dvd
21:35:35 T:11300 DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: dvdimage
21:35:35 T:11300 DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: sdp/asf
21:35:35 T:11300 DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: nsv
21:35:35 T:11300 DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: radio
21:35:35 T:11300 DEBUG: CPlayerCoreFactory::GetPlayers: matched 0 rules with players
21:35:35 T:11300 DEBUG: CPlayerCoreFactory::GetPlayers: adding videodefaultplayer (1)
21:35:35 T:11300 DEBUG: CPlayerCoreFactory::GetPlayers: for video=1, audio=0
21:35:35 T:11300 DEBUG: CPlayerCoreFactory::GetPlayers: for video=1, audio=1
21:35:35 T:11300 DEBUG: CPlayerCoreFactory::GetPlayers: adding player: DVDPlayer (1)
21:35:35 T:11300 DEBUG: CPlayerCoreFactory::GetPlayers: added 1 players
21:35:35 T:11300 DEBUG: Radio UECP (RDS) Processor - new CDVDRadioRDSData::CDVDRadioRDSData
21:35:35 T:11300 NOTICE: DVDPlayer: Opening: http://svtplay12h-f.akamaihd.net/i/world/open/20151109/1368841-011A/EPISOD-1368841-011A-62725568035128d0_,892,144,252,360,540,1584,2700,.mp4.csmil/index_0_av.m3u8?null=|HttpProxy=http://127.0.0.1:8888
21:35:35 T:11300 WARNING: CDVDMessageQueue(player)::Put MSGQ_NOT_INITIALIZED
21:35:35 T:11300 DEBUG: CRenderManager::UpdateDisplayLatency - Latency set to 0 msec
21:35:35 T:11624 DEBUG: Thread DVDPlayer start, auto delete: false
21:35:35 T:11624 NOTICE: Creating InputStream
21:35:35 T:11624 DEBUG: CFileCache::Open - opening <i/world/open/20151109/1368841-011A/EPISOD-1368841-011A-62725568035128d0_,892,144,252,360,540,1584,2700,.mp4.csmil/index_0_av.m3u8> using cache
21:35:35 T:11624 DEBUG: Overriding proxy from URL parameter: http://127.0.0.1:8888/, type 0
21:35:35 T:11624 DEBUG: CurlFile::Open(123ED150) http://svtplay12h-f.akamaihd.net/i/world/open/20151109/1368841-011A/EPISOD-1368841-011A-62725568035128d0_,892,144,252,360,540,1584,2700,.mp4.csmil/index_0_av.m3u8?null=
21:35:35 T:11804 DEBUG: Thread FileCache start, auto delete: false
21:35:35 T:11804 INFO: CFileCache::Process - Hit eof.
21:35:35 T:12012 DEBUG: Thread FileCache start, auto delete: false
21:35:35 T:12012 INFO: CFileCache::Process - Hit eof.
21:35:35 T:11804 DEBUG: Thread FileCache 11804 terminating
21:35:35 T:11520 DEBUG: Caching image 'http://www.svt.se/cachable_image/1447623000000/svts/article4809300.svt/ALTERNATES/large/default_title' to '8/85ff9a0d.jpg':
21:35:35 T:11520 DEBUG: cached image 'special://masterprofile/Thumbnails/8/85ff9a0d.jpg' size 650x366
21:35:35 T:12012 DEBUG: Thread FileCache 12012 terminating
21:35:35 T:11624 NOTICE: Creating Demuxer
21:35:35 T:11624 ERROR: CCurlFile::GetCookies - invalid cookie: 'content.omroep.nl FALSE / FALSE 0 balancer://dlr2cl '
21:35:35 T:11624 DEBUG: ffmpeg[2D68]: Using network protocols without global network initialization. Please use avformat_network_init(), this will become mandatory later.
21:35:36 T:11624 DEBUG: Previous line repeats 1 times.
21:35:36 T:11624 DEBUG: ffmpeg[2D68]: [hls,applehttp] HLS request for url 'http://svtplay12h-f.akamaihd.net/i/world/open/20151109/1368841-011A/EPISOD-1368841-011A-62725568035128d0_,892,144,252,360,540,1584,2700,.mp4.csmil/segment1_0_av.ts?null=', offset 0, playlist 0
21:35:36 T:11624 DEBUG: ffmpeg[2D68]: Using network protocols without global network initialization. Please use avformat_network_init(), this will become mandatory later.
21:35:36 T:11624 DEBUG: Previous line repeats 1 times.
21:35:36 T:11624 DEBUG: ffmpeg[2D68]: [mpegts] parser not found for codec timed_id3, packets or times may be invalid.
21:35:36 T:11624 ERROR: ffmpeg[2D68]: [h264] non-existing SPS 0 referenced in buffering period
21:35:36 T:11624 DEBUG: ffmpeg[2D68]: [h264] Current profile doesn't provide more RBSP data in PPS, skipping
21:35:36 T:11624 ERROR: ffmpeg[2D68]: [h264] non-existing SPS 0 referenced in buffering period
21:35:36 T:11300 DEBUG: ------ Window Deinit (DialogBusy.xml) ------
21:35:36 T:11624 DEBUG: CDVDDemuxFFmpeg::Open - avformat_find_stream_info starting
21:35:36 T:11624 ERROR: ffmpeg[2D68]: [h264] non-existing SPS 0 referenced in buffering period
21:35:36 T:11624 DEBUG: CDVDDemuxFFmpeg::Open - av_find_stream_info finished
21:35:36 T:11624 INFO: ffmpeg[2D68]: Input #0, hls,applehttp, from 'http://svtplay12h-f.akamaihd.net/i/world/open/20151109/1368841-011A/EPISOD-1368841-011A-62725568035128d0_,892,144,252,360,540,1584,2700,.mp4.csmil/index_0_av.m3u8?null=':
21:35:36 T:11624 INFO: ffmpeg[2D68]: Duration: 00:44:16.16, start: 10.099667, bitrate: 0 kb/s
21:35:36 T:11624 INFO: ffmpeg[2D68]: Program 0
21:35:36 T:11624 INFO: ffmpeg[2D68]: Metadata:
21:35:36 T:11624 INFO: ffmpeg[2D68]: variant_bitrate : 0
21:35:36 T:11624 INFO: ffmpeg[2D68]: Stream #0:0: Video: h264 (Main) ([27][0][0][0] / 0x001B), yuv420p(tv, bt709), 1280x720 [SAR 1:1 DAR 16:9], 25 fps, 25 tbr, 90k tbn, 50 tbc
21:35:36 T:11624 INFO: ffmpeg[2D68]: Stream #0:1: Audio: aac (HE-AAC) ([15][0][0][0] / 0x000F), 48000 Hz, stereo, fltp, 90 kb/s
21:35:36 T:11624 INFO: ffmpeg[2D68]: Stream #0:2: Data: timed_id3 (ID3 / 0x20334449)
I used to have a full Kodi DEV environment for local building and debugging, but after my reinstall that is not up and running.
EDIT: by the way I tried httpproxy instead of HttpProxy and also urlencoded the value (http://localhost:8888) but that did not do the trick.
RE: (Security) issue in FFMPEG posting HttpProxy as HTTP header - fritsch - 2015-11-18
As said above it does not matter if upper or lower case ... it is made lower case by the code ...
Get your build environment up and running - I am busy with AE and have no time to look into foreign code.
RE: (Security) issue in FFMPEG posting HttpProxy as HTTP header - fritsch - 2015-11-18
I stepped through the debugger ... the code is working as it should. Proxy is parsed correctly and set - I also don't see where your security issue is ... as the params are stripped away after using them.
RE: (Security) issue in FFMPEG posting HttpProxy as HTTP header - Basje - 2015-11-19
(2015-11-18, 23:40)fritsch Wrote: I stepped through the debugger ... the code is working as it should. Proxy is parsed correctly and set - I also don't see where your security issue is ... as the params are stripped away after using them.
Thanks for taking the effort for trying to debug. What I did to check this was
- set up Fiddler on my laptop as the Kodi proxy (from the Kodi settings)
- set up Fiddler on localhost for the streams
When I then play a stream with an <url>|HttpProxy=http://127.0.0.1:8888 added, it should strip that info and use the proxy. But it seems to use the Kodi proxy and does not strip the info as I see this on my laptop Fiddler:
Even if I do not configure the Kodi proxy, it will not use the localhost one and the data is not stripped. This was using the Kodi 16 B1.
Edit: perhaps I should mention that I noticed that if I change a proxy from within Kodi itself it does require a restart of Kodi to pick it up? Could this be related?
RE: (Security) issue in FFMPEG posting HttpProxy as HTTP header - fritsch - 2015-11-19
The code I looked into works as it should ... I think the problem is the .m3u8 extension ... if you check with an .mp3 directly it should work ...
RE: (Security) issue in FFMPEG posting HttpProxy as HTTP header - ironic_monkey - 2015-11-19
Aha. hls is handled by ffmpeg. At that point the option will be ignored.
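To illustrate the filtering the thread arrives at (protocol options after `|` must be consumed before the URL is handed to a second HTTP client), here is an added example that is not part of the thread and is not Kodi's or FFmpeg's code. All type and function names are hypothetical, the `&` separator between options is an assumption, and the sample URL is constructed.

```cpp
#include <algorithm>
#include <cctype>
#include <map>
#include <string>

// All names are hypothetical; this is not Kodi's or FFmpeg's API.
struct SplitUrl {
  std::string url;                             // URL without the |options suffix
  std::string proxy;                           // httpproxy value, kept local
  std::map<std::string, std::string> headers;  // options that may become headers
};

// Decode %XX escapes; option values are expected to be URL encoded.
static std::string UrlDecode(const std::string& in) {
  std::string out;
  for (size_t i = 0; i < in.size(); ++i) {
    const bool esc = in[i] == '%' && i + 2 < in.size() &&
                     std::isxdigit((unsigned char)in[i + 1]) && std::isxdigit((unsigned char)in[i + 2]);
    if (esc) { out += static_cast<char>(std::stoi(in.substr(i + 1, 2), nullptr, 16)); i += 2; }
    else out += in[i];
  }
  return out;
}

// Split "url|name=value&name=value"; the proxy option never reaches the headers.
SplitUrl SplitProtocolOptions(const std::string& full) {
  SplitUrl r;
  const size_t bar = full.find('|');
  r.url = full.substr(0, bar);
  if (bar == std::string::npos) return r;
  const std::string opts = full.substr(bar + 1);
  for (size_t pos = 0; pos <= opts.size();) {
    const size_t amp = std::min(opts.find('&', pos), opts.size());
    const std::string item = opts.substr(pos, amp - pos);
    pos = amp + 1;
    const size_t eq = item.find('=');
    if (eq == std::string::npos || eq == 0) continue;  // skip malformed items
    std::string name = item.substr(0, eq);
    for (char& c : name) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    const std::string value = UrlDecode(item.substr(eq + 1));
    if (name == "httpproxy") r.proxy = value;  // transport setting, not a header
    else r.headers[name] = value;
  }
  return r;
}

int main() {  // constructed sample; exit status 0 means nothing leaked into headers
  return SplitProtocolOptions("http://media.example/a.m3u8|HttpProxy=http://u:p@proxy.example:8888").headers.empty() ? 0 : 1;
}
```

Only `url` and `headers` would be passed on to the next HTTP client; `proxy` is applied to the transport and dropped.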