From patchwork Sun Mar 7 23:14:58 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andriy Gelman X-Patchwork-Id: 26242 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id AF5CC448DB6 for ; Mon, 8 Mar 2021 01:22:20 +0200 (EET) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 86B196881B5; Mon, 8 Mar 2021 01:22:20 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-qt1-f182.google.com (mail-qt1-f182.google.com [209.85.160.182]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id A148C6806AF for ; Mon, 8 Mar 2021 01:22:13 +0200 (EET) Received: by mail-qt1-f182.google.com with SMTP id d11so6268491qtx.9 for ; Sun, 07 Mar 2021 15:22:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=YAxUtY1pS6j7Pnn5brChJksw6Wa2cy2qAYncffIeoWY=; b=X6BZ32flNBnFSA98p/tsLtNSUDN7iHshpoZAtAeE/wlRzhdssU6spm3Fk59Qeu1Eyl 7YZSOHJ1znNltE9q0X8Z64GtJGXOkvzPS7XCwMvvfQU6wRkjx84Ozf5p1c/NMyzR/64i njwi+1q8jy/A2Utsoeasqd157dgyAcGHs2pENdtPuUVxcarM0atFkX88CMEr8FZotU/m qljwdH3UI0+f5qTF0cW/s1MDjSROKAcWpvchNzV20ku+L7ASBV16h3o55TT+ptKt4yY9 LdFHJxzGcwboUx7bgfm0/otq3QboLBXp7Ab2TqpI/appoF62YyrXnsZLFo2KIsbPcZnY lwtQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=YAxUtY1pS6j7Pnn5brChJksw6Wa2cy2qAYncffIeoWY=; b=eHCrGMNs3R/nMVEBqOIs0owaWKkZeVW1FD2aWONQa4GnvWP9443ZZDGBkbOU7DChjv GnB/2pdX3UnUHlxPjqae1QA4sAzfciaU21ZhOPo4EgR9yxxkb25LDCBOgSL4CWEoSXKQ oPoyONqa8ypU2MGa1ObhATxNZr68jrXdQxikRl7d3h8dnsWQh1e+J7jyyfl7BLrQIlWE TmH7RKVSBfAfd5Y7E6kVPL5t+RKzBpzVgthVNkmiXxQFwtKUfVPdgapQEHvbO0mYnmmf BIEZ1JuiGeVBjN8kU/gX8dc/X3lo9n3OAP+Cl2ilQ3BBRdiwalVNDf6Pnumr7xVEqmNM 5sdQ== X-Gm-Message-State: AOAM531Ea+TKN2vxEkAxPBMOpSdJlw94uRVy5zcNN3YJ3jkfXdrJHRSw II4n2oKvvooPRQYeH8X6I3T3BhmJ+i0= X-Google-Smtp-Source: ABdhPJwcZB92kUXnbF8nDP/BCByvT90ehmTI9tO5MSOC+ApAqvXJayWxlXm8c0kKtJ4MXT6VL5CPVg== X-Received: by 2002:a05:622a:10f:: with SMTP id u15mr18379237qtw.198.1615158906737; Sun, 07 Mar 2021 15:15:06 -0800 (PST) Received: from localhost.localdomain (c-73-149-98-40.hsd1.ma.comcast.net. [73.149.98.40]) by smtp.gmail.com with ESMTPSA id h11sm6389853qkj.135.2021.03.07.15.15.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 07 Mar 2021 15:15:06 -0800 (PST) From: Andriy Gelman X-Google-Original-From: Andriy Gelman To: ffmpeg-devel@ffmpeg.org Date: Sun, 7 Mar 2021 18:14:58 -0500 Message-Id: <20210307231458.573137-1-andriy.gelman@gmail.com> X-Mailer: git-send-email 2.30.1 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH] avformat/httpauth: don't overwrite auth digest with unimplemented algorithm X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andriy Gelman Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" From: Andriy Gelman In rtsp/http authentication the server may provide several options for hash algorithms. This includes MD5, SHA2-256 and SHA2-512/256 (RFC 7616 Section 3.7). Currently only support for MD5 is implemented in the auth code. If the SHA2 option follows the MD5 option in the server reply, the latter option will overwrite the MD5 auth info and the authorization will fail. This patch only overwrites the auth info if it's MD5. Fixes ticket #9127. Signed-off-by: Andriy Gelman --- An alternative may be to add the SHA2 code to http auth. I can work on this if people think it's a better option. Also, I could only test that the MD5 option doesn't get overwritten by modifying server responses in gdb. I could not find an rtsp server that has the SHA2 option as in #9127. libavformat/httpauth.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c index 4f79c78edc..0e57c5c3e5 100644 --- a/libavformat/httpauth.c +++ b/libavformat/httpauth.c @@ -101,12 +101,21 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, state); } else if (av_stristart(value, "Digest ", &p) && state->auth_type <= HTTP_AUTH_DIGEST) { + HTTPAuthState state_copy; + const char* algorithm; + memcpy(&state_copy, state, sizeof(state_copy)); + state->auth_type = HTTP_AUTH_DIGEST; memset(&state->digest_params, 0, sizeof(DigestParams)); state->realm[0] = 0; state->stale = 0; ff_parse_key_value(p, (ff_parse_key_val_cb) handle_digest_params, state); + algorithm = state->digest_params.algorithm; + if (strcmp(algorithm, "") && strcmp(algorithm, "MD5") && strcmp(algorithm, "MD5-sess")) { + memcpy(state, &state_copy, sizeof(state_copy)); + return; + } choose_qop(state->digest_params.qop, sizeof(state->digest_params.qop)); if (!av_strcasecmp(state->digest_params.stale, "true"))