external/srs
1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00
Code Issues Releases Wiki Activity

Fix command injection in api-server for HTTP callback. v5.0.157, v6.0.48

Browse source
This commit is contained in:
panda 2023-06-05 16:29:36 +08:00 committed by winlin
parent df854339ea
commit 1d878c2daa
4 changed files with 15 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

14
trunk/research/api-server/server.go
View file

@ -400,10 +400,18 @@ func (v *SnapshotJob) do(ffmpegPath, inputUrl string) (err error) {
normalPicPath := path.Join(outputPicDir, fmt.Sprintf("%v", v.Stream)+"-%03d.png")
bestPng := path.Join(outputPicDir, fmt.Sprintf("%v-best.png", v.Stream))
param := fmt.Sprintf("%v -i %v -vf fps=1 -vcodec png -f image2 -an -y -vframes %v -y %v", ffmpegPath, inputUrl, v.vframes, normalPicPath)
log.Println(fmt.Sprintf("start snapshot, cmd param=%v", param))
params := []string{
"-i", inputUrl,
"-vf", "fps=1",
"-vcodec", "png",
"-f", "image2",
"-an",
"-vframes", strconv.Itoa(v.vframes),
"-y", normalPicPath,
}
log.Println(fmt.Sprintf("start snapshot, cmd param=%v %v", ffmpegPath, strings.Join(params, " ")))
timeoutCtx, _ := context.WithTimeout(v.cancelCtx, v.timeout)
cmd := exec.CommandContext(timeoutCtx, "/bin/bash", "-c", param)
cmd := exec.CommandContext(timeoutCtx, ffmpegPath, params...)
if err = cmd.Run(); err != nil {
log.Println(fmt.Sprintf("run snapshot %v cmd failed, err is %v", v.Tag(), err))
return