Opened 8 years ago

Closed 8 years ago

#5786 closed defect (fixed)

httpauth.c has a case-sensitive header check for 'WWW-Authenticate'

Reported by: NTAuthority Owned by:
Priority: normal Component: avformat
Version: git-master Keywords: http
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

http://git.videolan.org/?p=ffmpeg.git;a=blob;f=libavformat/httpauth.c;h=18cf36bcfece25c4f86117f444212c2608fd4bce;hb=refs/heads/master#l93

The HTTP specification (RFC 7230) claims the following:

3.2.  Header Fields

   Each header field consists of a case-insensitive field name followed
   by a colon (":"), optional leading whitespace, the field value, and
   optional trailing whitespace.

Verbose output from an older version w/ ffprobe -v debug:

[http @ 0000000004d20ac0] request: GET /mediafile HTTP/1.1
User-Agent: Lavf/56.9.100
Accept: */*
Range: bytes=0-
Connection: close
Host: hostname
Icy-MetaData: 1


[http @ 0000000004d20ac0] header='HTTP/1.1 401 Unauthorized'
[http @ 0000000004d20ac0] http_code=401
[http @ 0000000004d20ac0] header='Content-Type: text/plain; charset=utf-8'
[http @ 0000000004d20ac0] header='Server: Caddy'
[http @ 0000000004d20ac0] header='Www-Authenticate: Basic realm="Restricted"'
[http @ 0000000004d20ac0] header='X-Content-Type-Options: nosniff'
[http @ 0000000004d20ac0] header='Date: Sun, 21 Aug 2016 04:41:54 GMT'
[http @ 0000000004d20ac0] header='Content-Length: 17'
[http @ 0000000004d20ac0] header='Connection: close'
[http @ 0000000004d20ac0] header=''

http://url/: Input/output error

A more current version:

[http @ 0000000002583e00] request: GET /mediafile HTTP/1.1
User-Agent: Lavf/57.47.101
Accept: */*
Range: bytes=0-
Connection: close
Host: hostname
Icy-MetaData: 1


http://url/: Server returned 401 Unauthorized (authorization failed)

Attachments (1)

patchhttpauth.diff (1.1 KB ) - added by Carl Eugen Hoyos 8 years ago.

Download all attachments as: .zip

Change History (4)

by Carl Eugen Hoyos, 8 years ago

Attachment: patchhttpauth.diff added

comment:1 by Carl Eugen Hoyos, 8 years ago

Please test attached patch.

in reply to:  1 comment:2 by NTAuthority, 8 years ago

Replying to cehoyos:

Please test attached patch.

That seems to fix the issue, indeed.

comment:3 by Carl Eugen Hoyos, 8 years ago

Resolution: fixed
Status: newclosed

Fixed in 8f0bd1d9bad5b8aa42b5b4cec103cc4afed5eab6
Thank you for the report and the testing!

Note: See TracTickets for help on using tickets.