[FFmpeg-devel] [PATCH]Fix http authentication
Peter Ross
pross at xvid.org
Wed Feb 26 11:13:06 CET 2014
On Wed, Feb 26, 2014 at 10:01:41AM +0100, Carl Eugen Hoyos wrote:
> Hi!
>
> Attached patch apparently fixes ticket #3417, I cannot really judge if it is
> correct.
>
> Please push / comment, Carl Eugen
> From b1e0263d839ecab3403ac710da33c8d9a206d3fb Mon Sep 17 00:00:00 2001
> From: Carl Eugen Hoyos <cehoyos at ag.or.at>
> Date: Wed, 26 Feb 2014 09:51:06 +0100
> Subject: [PATCH] Fix http authentication.
>
> Add parenthesis around "MD5" in the request string as required by
> RFC 2069.
>
> Fixes ticket #3417.
>
> Reported and tested by Haarman
> Analyzed-by: Eugen-Andrei Gavriloaie
> ---
> libavformat/httpauth.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c
> index 5ca48b9..3f90975 100644
> --- a/libavformat/httpauth.c
> +++ b/libavformat/httpauth.c
> @@ -225,7 +225,7 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username,
> av_strlcatf(authstr, len, ",uri=\"%s\"", uri);
> av_strlcatf(authstr, len, ",response=\"%s\"", response);
> if (digest->algorithm[0])
> - av_strlcatf(authstr, len, ",algorithm=%s", digest->algorithm);
> + av_strlcatf(authstr, len, ",algorithm=\"%s\"", digest->algorithm);
> if (digest->opaque[0])
> av_strlcatf(authstr, len, ",opaque=\"%s\"", digest->opaque);
> if (digest->qop[0]) {
authstr size is hard coded. check that adding the quotes does not overflow it.
-- Peter
(A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20140226/03e97fcf/attachment.asc>
More information about the ffmpeg-devel
mailing list