Bug (Security) issue in FFMPEG posting HttpProxy as HTTP header
#1
I don't want to cross post, but I do want to emphasize the security aspect of an issue I already posted on trac (http://trac.kodi.tv/ticket/16336). I posted it a while ago, but after some recent discussion with a colleague the conclusion was that the original issue might have a security-related side effect.

The issue is that if you would specify a proxy in the url like this:

Code:
http://something.com/somestream.m3u8|HttpProxy=http://user:[email protected]:8888

FFMPEG does not recognise it as a proxy value and posts it as HTTP header (because you can also add HTTP headers like this). So it will not use the proxy, but it will send the data as HTTP header. But the data might include the username and/or password for the proxy. That is something you don't want to send as an HTTP header.

I checked this on Kodi 15.x up until 16.0 B1 and they all have this issue.
Reply
#2
Which assumption tells you - that this is the proper way to tell ffmpeg to use this as http Proxy?

If you feel this is an issue of ffmpeg -> file a bug with them. This has nothing to do with kodi.
First decide what functions / features you expect from a system. Then decide for the hardware. Don't waste your money on crap.
Reply
#3
Well, it has been for over 2 years: https://github.com/xbmc/xbmc/pull/3682

And it worked like that for quite some time.
Reply
#4
Watch it fritsch ;)

Protocol options are out invention. They should be filtered out though as ffmpeg does not handle http for us, rather filecurl does.

That being said problem is these are case sensitive. It is all lower, no caps.
Reply
#5
Oh noes ... again another selfmade pain then ... yeah - not an ffmpeg but ... which was my point. I did not know about this other crap ...

out == our? :-(
Reply
#6
Looking here: https://github.com/xbmc/xbmc/blob/master...e.cpp#L785 lower or upper or mixed should not make an issue.

@Basje: Add a CLog::Log(LOGNOTICE, "Param %s", name.c_str()); into the option parsing loop please and see why this is not parsed correctly.
Reply
#7
Ah missed the sneaky lowering on the same line. Out was our stupid phone kb..
Reply
#8
Option value needs to be url encoded of course
Reply
#9
Looking at the code a bit further - it is quite fugly and spread all around the Code, URL, UrlOptions, CurlFile and so on - but it "looks not that insane"

Curious on the output his log will give. I think the splitting won't work according to UrlOptions we seem to expect something encoded.
Reply
#10
Ok, so I do see this line:

Code:
21:35:35 T:11300   DEBUG: Overriding proxy from URL parameter: http://127.0.0.1:8888/, type 0

which means that the

Code:
void CCurlFile::SetStreamProxy(const std::string &proxy, ProxyType type)

is working, but after that the proxy seems to disappear. Here is my log starting from the logline above

Code:
21:35:35 T:11300   DEBUG: Overriding proxy from URL parameter: http://127.0.0.1:8888/, type 0
21:35:35 T:11300    INFO: XCURL::DllLibCurlGlobal::easy_aquire - Created session to http://svtplay12h-f.akamaihd.net
21:35:35 T:11300   DEBUG: CCurlFile::GetMimeType - http://svtplay12h-f.akamaihd.net/i/world/open/20151109/1368841-011A/EPISOD-1368841-011A-62725568035128d0_,892,144,252,360,540,1584,2700,.mp4.csmil/index_0_av.m3u8?null=|HttpProxy=http://127.0.0.1:8888 -> application/vnd.apple.mpegurl
21:35:35 T:11300   DEBUG: Loading settings for http://svtplay12h-f.akamaihd.net/i/world/open/20151109/1368841-011A/EPISOD-1368841-011A-62725568035128d0_,892,144,252,360,540,1584,2700,.mp4.csmil/index_0_av.m3u8?null=|HttpProxy=http://127.0.0.1:8888
21:35:35 T:11300   DEBUG: CPlayerCoreFactory::GetPlayers(http://svtplay12h-f.akamaihd.net/i/world/open/20151109/1368841-011A/EPISOD-1368841-011A-62725568035128d0_,892,144,252,360,540,1584,2700,.mp4.csmil/index_0_av.m3u8?null=|HttpProxy=http://127.0.0.1:8888)
21:35:35 T:11300   DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: system rules
21:35:35 T:11300   DEBUG: CPlayerSelectionRule::GetPlayers: matches rule: system rules
21:35:35 T:11300   DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: mms/udp
21:35:35 T:11300   DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: lastfm/shout
21:35:35 T:11300   DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: rtmp
21:35:35 T:11300   DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: rtsp
21:35:35 T:11300   DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: streams
21:35:35 T:11300   DEBUG: CPlayerSelectionRule::GetPlayers: matches rule: streams
21:35:35 T:11300   DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: aacp/sdp
21:35:35 T:11300   DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: mp2
21:35:35 T:11300   DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: dvd
21:35:35 T:11300   DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: dvdimage
21:35:35 T:11300   DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: sdp/asf
21:35:35 T:11300   DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: nsv
21:35:35 T:11300   DEBUG: CPlayerSelectionRule::GetPlayers: considering rule: radio
21:35:35 T:11300   DEBUG: CPlayerCoreFactory::GetPlayers: matched 0 rules with players
21:35:35 T:11300   DEBUG: CPlayerCoreFactory::GetPlayers: adding videodefaultplayer (1)
21:35:35 T:11300   DEBUG: CPlayerCoreFactory::GetPlayers: for video=1, audio=0
21:35:35 T:11300   DEBUG: CPlayerCoreFactory::GetPlayers: for video=1, audio=1
21:35:35 T:11300   DEBUG: CPlayerCoreFactory::GetPlayers: adding player: DVDPlayer (1)
21:35:35 T:11300   DEBUG: CPlayerCoreFactory::GetPlayers: added 1 players
21:35:35 T:11300   DEBUG: Radio UECP (RDS) Processor - new CDVDRadioRDSData::CDVDRadioRDSData
21:35:35 T:11300  NOTICE: DVDPlayer: Opening: http://svtplay12h-f.akamaihd.net/i/world/open/20151109/1368841-011A/EPISOD-1368841-011A-62725568035128d0_,892,144,252,360,540,1584,2700,.mp4.csmil/index_0_av.m3u8?null=|HttpProxy=http://127.0.0.1:8888
21:35:35 T:11300 WARNING: CDVDMessageQueue(player)::Put MSGQ_NOT_INITIALIZED
21:35:35 T:11300   DEBUG: CRenderManager::UpdateDisplayLatency - Latency set to 0 msec
21:35:35 T:11624   DEBUG: Thread DVDPlayer start, auto delete: false
21:35:35 T:11624  NOTICE: Creating InputStream
21:35:35 T:11624   DEBUG: CFileCache::Open - opening <i/world/open/20151109/1368841-011A/EPISOD-1368841-011A-62725568035128d0_,892,144,252,360,540,1584,2700,.mp4.csmil/index_0_av.m3u8> using cache
21:35:35 T:11624   DEBUG: Overriding proxy from URL parameter: http://127.0.0.1:8888/, type 0
21:35:35 T:11624   DEBUG: CurlFile::Open(123ED150) http://svtplay12h-f.akamaihd.net/i/world/open/20151109/1368841-011A/EPISOD-1368841-011A-62725568035128d0_,892,144,252,360,540,1584,2700,.mp4.csmil/index_0_av.m3u8?null=
21:35:35 T:11804   DEBUG: Thread FileCache start, auto delete: false
21:35:35 T:11804    INFO: CFileCache::Process - Hit eof.
21:35:35 T:12012   DEBUG: Thread FileCache start, auto delete: false
21:35:35 T:12012    INFO: CFileCache::Process - Hit eof.
21:35:35 T:11804   DEBUG: Thread FileCache 11804 terminating
21:35:35 T:11520   DEBUG: Caching image 'http://www.svt.se/cachable_image/1447623000000/svts/article4809300.svt/ALTERNATES/large/default_title' to '8/85ff9a0d.jpg':
21:35:35 T:11520   DEBUG: cached image 'special://masterprofile/Thumbnails/8/85ff9a0d.jpg' size 650x366
21:35:35 T:12012   DEBUG: Thread FileCache 12012 terminating
21:35:35 T:11624  NOTICE: Creating Demuxer
21:35:35 T:11624   ERROR: CCurlFile::GetCookies - invalid cookie: 'content.omroep.nl    FALSE    /    FALSE    0    balancer://dlr2cl    '
21:35:35 T:11624   DEBUG: ffmpeg[2D68]: Using network protocols without global network initialization. Please use avformat_network_init(), this will become mandatory later.
21:35:36 T:11624   DEBUG: Previous line repeats 1 times.
21:35:36 T:11624   DEBUG: ffmpeg[2D68]: [hls,applehttp] HLS request for url 'http://svtplay12h-f.akamaihd.net/i/world/open/20151109/1368841-011A/EPISOD-1368841-011A-62725568035128d0_,892,144,252,360,540,1584,2700,.mp4.csmil/segment1_0_av.ts?null=', offset 0, playlist 0
21:35:36 T:11624   DEBUG: ffmpeg[2D68]: Using network protocols without global network initialization. Please use avformat_network_init(), this will become mandatory later.
21:35:36 T:11624   DEBUG: Previous line repeats 1 times.
21:35:36 T:11624   DEBUG: ffmpeg[2D68]: [mpegts] parser not found for codec timed_id3, packets or times may be invalid.
21:35:36 T:11624   ERROR: ffmpeg[2D68]: [h264] non-existing SPS 0 referenced in buffering period
21:35:36 T:11624   DEBUG: ffmpeg[2D68]: [h264] Current profile doesn't provide more RBSP data in PPS, skipping
21:35:36 T:11624   ERROR: ffmpeg[2D68]: [h264] non-existing SPS 0 referenced in buffering period
21:35:36 T:11300   DEBUG: ------ Window Deinit (DialogBusy.xml) ------
21:35:36 T:11624   DEBUG: CDVDDemuxFFmpeg::Open - avformat_find_stream_info starting
21:35:36 T:11624   ERROR: ffmpeg[2D68]: [h264] non-existing SPS 0 referenced in buffering period
21:35:36 T:11624   DEBUG: CDVDDemuxFFmpeg::Open - av_find_stream_info finished
21:35:36 T:11624    INFO: ffmpeg[2D68]: Input #0, hls,applehttp, from 'http://svtplay12h-f.akamaihd.net/i/world/open/20151109/1368841-011A/EPISOD-1368841-011A-62725568035128d0_,892,144,252,360,540,1584,2700,.mp4.csmil/index_0_av.m3u8?null=':
21:35:36 T:11624    INFO: ffmpeg[2D68]:   Duration: 00:44:16.16, start: 10.099667, bitrate: 0 kb/s
21:35:36 T:11624    INFO: ffmpeg[2D68]:   Program 0
21:35:36 T:11624    INFO: ffmpeg[2D68]:     Metadata:
21:35:36 T:11624    INFO: ffmpeg[2D68]:       variant_bitrate : 0
21:35:36 T:11624    INFO: ffmpeg[2D68]:     Stream #0:0: Video: h264 (Main) ([27][0][0][0] / 0x001B), yuv420p(tv, bt709), 1280x720 [SAR 1:1 DAR 16:9], 25 fps, 25 tbr, 90k tbn, 50 tbc
21:35:36 T:11624    INFO: ffmpeg[2D68]:     Stream #0:1: Audio: aac (HE-AAC) ([15][0][0][0] / 0x000F), 48000 Hz, stereo, fltp, 90 kb/s
21:35:36 T:11624    INFO: ffmpeg[2D68]:     Stream #0:2: Data: timed_id3 (ID3  / 0x20334449)

I used to have a full Kodi DEV environment for local building and debugging, but after my reinstall that is not up and running.

EDIT: by the way I tried httpproxy instead of HttpProxy and also urlencoded the value (http://localhost:8888) but that did not do the trick.
Reply
#11
As said above it does not matter if upper or lower case ... it is made lower case by the code ...

Get your build environment up and running - I am busy with AE and have no time to look into foreign code.
Reply
#12
I stepped through the debugger ... the code is working as it should. Proxy is parsed correctly and set - I also don't see where your security issue is ... as the params are stripped away after using them.
Reply
#13
(2015-11-18, 23:40)fritsch Wrote: I stepped through the debugger ... the code is working as it should. Proxy is parsed correctly and set - I also don't see where your security issue is ... as the params are stripped away after using them.

Thanks for taking the effort for trying to debug. What I did to check this was
  • set up Fiddler on my laptop as the Kodi proxy (from the Kodi settings)
  • set up Fiddler on localhost for the streams
When I then play a stream with an <url>|HttpProxy=http://127.0.0.1:8888 added, it should strip that info and use the proxy. But it seems to use the Kodi proxy and does not strip the info as I see this on my laptop Fiddler:

Image

Even if I do not configure the Kodi proxy, it will not use the localhost one and the data is not stripped. This was using the Kodi 16 B1.

Edit: perhaps I should mention that I noticed that if I change a proxy from within Kodi itself it does require a restart of Kodi to pick it up? Could this be related?
Reply
#14
The code I looked into works as it should ... I think the problem is the .m3u8 extension ... if you check with an .mp3 directly it should work ...
Reply
#15
Aha. hls is handled by ffmpeg. At that point the option will be ignored.
Reply
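
The handling discussed in this thread (option names lower-cased, values URL-encoded, options stripped from the URL before it goes anywhere else), as an added C++ example that is not Kodi's code and not written by any poster; `SplitUrl`, `urlDecode` and `splitProtocolOptions` are hypothetical names and the URLs used with it are constructed. It keeps `httpproxy` out of the header map, so a proxy credential never ends up in the header set or in the URL handed to another component.

```cpp
#include <algorithm>
#include <cctype>
#include <map>
#include <string>

// Hypothetical result type; not Kodi's CURL / CUrlOptions classes.
struct SplitUrl {
    std::string url;                             // options removed, safe to pass on
    std::string proxy;                           // value of the httpproxy option, if any
    std::map<std::string, std::string> headers;  // every other name=value option
};

// Decode %XX escapes in an option value; malformed escapes are kept literally.
static std::string urlDecode(const std::string& in) {
    std::string out;
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '%' && i + 2 < in.size() &&
            std::isxdigit((unsigned char)in[i + 1]) && std::isxdigit((unsigned char)in[i + 2])) {
            out += static_cast<char>(std::stoi(in.substr(i + 1, 2), nullptr, 16));
            i += 2;
        } else {
            out += in[i];
        }
    }
    return out;
}

// Split "url|name=value&name=value" and classify each option by lower-cased name.
SplitUrl splitProtocolOptions(const std::string& raw) {
    SplitUrl r;
    const std::size_t bar = raw.find('|');
    r.url = raw.substr(0, bar);  // whole string when there is no '|'
    if (bar == std::string::npos) return r;
    const std::string opts = raw.substr(bar + 1);
    for (std::size_t start = 0; start <= opts.size();) {
        std::size_t end = opts.find('&', start);
        if (end == std::string::npos) end = opts.size();
        const std::string pair = opts.substr(start, end - start);
        start = end + 1;
        const std::size_t eq = pair.find('=');
        if (eq == std::string::npos || eq == 0) continue;  // skip malformed pairs
        std::string name = pair.substr(0, eq);
        std::transform(name.begin(), name.end(), name.begin(),
                       [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
        const std::string value = urlDecode(pair.substr(eq + 1));
        if (name == "httpproxy") r.proxy = value;  // never treated as a header
        else r.headers[name] = value;
    }
    return r;
}
```
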
