Message ID | 20210307231458.573137-1-andriy.gelman@gmail.com |
---|---|
State | New |
Series | [FFmpeg-devel] avformat/httpauth: don't overwrite auth digest with unimplemented algorithm |
Context | Check | Description |
---|---|---|
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |
andriy/PPC64_make | success | Make finished |
andriy/PPC64_make_fate | success | Make fate finished |
On Sun, 07. Mar 18:14, Andriy Gelman wrote: > From: Andriy Gelman <andriy.gelman@gmail.com> > > In rtsp/http authentication the server may provide several options for > hash algorithms. This includes MD5, SHA2-256 and SHA2-512/256 (RFC 7616 > Section 3.7). Currently only support for MD5 is implemented in the auth code. > > If the SHA2 option follows the MD5 option in the server reply, the > latter option will overwrite the MD5 auth info and the authorization > will fail. This patch only overwrites the auth info if it's MD5. > > Fixes ticket #9127. > > Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com> > --- > > An alternative may be to add the SHA2 code to http auth. I can work on this if > people think it's a better option. > > Also, I could only test that the MD5 option doesn't get overwritten by modifying > server responses in gdb. I could not find an rtsp server that has the SHA2 > option as in #9127. > > > libavformat/httpauth.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c > index 4f79c78edc..0e57c5c3e5 100644 > --- a/libavformat/httpauth.c > +++ b/libavformat/httpauth.c 
> @@ -101,12 +101,21 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, > state); > } else if (av_stristart(value, "Digest ", &p) && > state->auth_type <= HTTP_AUTH_DIGEST) { > + HTTPAuthState state_copy; > + const char* algorithm; > + memcpy(&state_copy, state, sizeof(state_copy)); > + > state->auth_type = HTTP_AUTH_DIGEST; > memset(&state->digest_params, 0, sizeof(DigestParams)); > state->realm[0] = 0; > state->stale = 0; > ff_parse_key_value(p, (ff_parse_key_val_cb) handle_digest_params, > state); > + algorithm = state->digest_params.algorithm; > + if (strcmp(algorithm, "") && strcmp(algorithm, "MD5") && strcmp(algorithm, "MD5-sess")) { > + memcpy(state, &state_copy, sizeof(state_copy)); > + return; > + } > choose_qop(state->digest_params.qop, > sizeof(state->digest_params.qop)); > if (!av_strcasecmp(state->digest_params.stale, "true")) > -- > 2.30.1 > ping
diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c index 4f79c78edc..0e57c5c3e5 100644 --- a/libavformat/httpauth.c +++ b/libavformat/httpauth.c @@ -101,12 +101,21 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, state); } else if (av_stristart(value, "Digest ", &p) && state->auth_type <= HTTP_AUTH_DIGEST) { + HTTPAuthState state_copy; + const char* algorithm; + memcpy(&state_copy, state, sizeof(state_copy)); + state->auth_type = HTTP_AUTH_DIGEST; memset(&state->digest_params, 0, sizeof(DigestParams)); state->realm[0] = 0; state->stale = 0; ff_parse_key_value(p, (ff_parse_key_val_cb) handle_digest_params, state); + algorithm = state->digest_params.algorithm; + if (strcmp(algorithm, "") && strcmp(algorithm, "MD5") && strcmp(algorithm, "MD5-sess")) { + memcpy(state, &state_copy, sizeof(state_copy)); + return; + } choose_qop(state->digest_params.qop, sizeof(state->digest_params.qop)); if (!av_strcasecmp(state->digest_params.stale, "true"))
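Review bot: The new algorithm check uses strcmp(), so it is case-sensitive, while the stale flag just below it in the same function is matched with av_strcasecmp(); a challenge carrying algorithm=md5 would be treated as unimplemented and discarded. Consider av_strcasecmp() for the three comparisons if the token should match regardless of case. The early return also restores the whole saved HTTPAuthState silently, so when the only Digest challenge names an unsupported algorithm nothing tells the user why authentication did not proceed; a log message naming the rejected algorithm would make that diagnosable. A short comment above the memcpy() snapshot saying that it exists to roll back a challenge with an unimplemented algorithm would help later readers. Style: `const char* algorithm;` should be `const char *algorithm;` to match the pointer declarations in the function signature (`HTTPAuthState *state`, `const char *key`).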