Opened 3 years ago

Closed 3 years ago

#8560 closed defect (fixed)

Digest authentication failed when password contains '+' character

Reported by: k2w2yut Owned by:
Priority: normal Component: avformat
Version: unspecified Keywords: rtsp
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:

  • Attempting to connect to RTSP with digest authentication by including user:password
  • After DESCRIBE failed with 401, received realm and nonce
  • Attempting to reconnect will failed
  • Check the trace log found that the response MD5 was incorrect generated, therefore, authentication failed

Workaround:

  • Replace '+' with another url-safe sign works
  • Avoid including plus character '+' in the password (haven't test with other params, and not putting '+' at the end doesn't help)

How to reproduce:

% ffmpeg -loglevel trace  -i "rtsp://test1:Hilook265+@192.168.2.102/Streaming/Channels/101"

Attachments (1)

ffmpeg-md5-bug.log (27.9 KB ) - added by k2w2yut 3 years ago.
loglevel trace fro mthe run

Download all attachments as: .zip

Change History (4)

by k2w2yut, 3 years ago

Attachment: ffmpeg-md5-bug.log added

loglevel trace fro mthe run

comment:1 by k2w2yut, 3 years ago

libavformat/httpauth.c make_digest_auth

  • Generating A1hash, A2hash logic seems to be legit just for reading the code

I couldn't debug MD5 methods further without recompiled or GDB

comment:2 by Carl Eugen Hoyos, 3 years ago

Keywords: authentication md5 removed
Version: 3.4.6unspecified

Please test current FFmpeg git head, the only version supported on this bug tracker.

comment:3 by Marton Balint, 3 years ago

Resolution: fixed
Status: newclosed

This is most probably already fixed in 3004ef1b1b1bcd6bec4ad3509662ab1a4b644149. Reopen if not.

Note: See TracTickets for help on using tickets.