From 5423e908c9f5f12f599f6c9625ac9539be671695 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antti=20Sepp=C3=A4l=C3=A4?= Date: Wed, 25 Jul 2012 12:43:39 +0300 Subject: [PATCH] Support urlencoded http authentication credentials MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It should be possible to specify usernames in http requests containing urlencoded characters. This patch adds support for decoding the auth strings. Signed-off-by: Antti Seppälä Signed-off-by: Martin Storsjö --- libavformat/Makefile | 11 +++--- libavformat/httpauth.c | 25 ++++++++---- libavformat/urldecode.c | 87 +++++++++++++++++++++++++++++++++++++++++ libavformat/urldecode.h | 35 +++++++++++++++++ libavformat/version.h | 2 +- 5 files changed, 147 insertions(+), 13 deletions(-) create mode 100644 libavformat/urldecode.c create mode 100644 libavformat/urldecode.h diff --git a/libavformat/Makefile b/libavformat/Makefile index 2eb3e9c8de..ffb234f3d4 100644 --- a/libavformat/Makefile +++ b/libavformat/Makefile @@ -277,9 +277,10 @@ OBJS-$(CONFIG_RTPDEC) += rdt.o \ rtpdec_svq3.o \ rtpdec_vp8.o \ rtpdec_xiph.o -OBJS-$(CONFIG_RTSP_DEMUXER) += rtsp.o rtspdec.o httpauth.o +OBJS-$(CONFIG_RTSP_DEMUXER) += rtsp.o rtspdec.o httpauth.o \ + urldecode.o OBJS-$(CONFIG_RTSP_MUXER) += rtsp.o rtspenc.o httpauth.o \ - rtpenc_chain.o + rtpenc_chain.o urldecode.o OBJS-$(CONFIG_SAP_DEMUXER) += sapdec.o OBJS-$(CONFIG_SAP_MUXER) += sapenc.o rtpenc_chain.o OBJS-$(CONFIG_SDP_DEMUXER) += rtsp.o @@ -346,9 +347,9 @@ OBJS-$(CONFIG_FFRTMPHTTP_PROTOCOL) += rtmphttp.o OBJS-$(CONFIG_FILE_PROTOCOL) += file.o OBJS-$(CONFIG_GOPHER_PROTOCOL) += gopher.o OBJS-$(CONFIG_HLS_PROTOCOL) += hlsproto.o -OBJS-$(CONFIG_HTTP_PROTOCOL) += http.o httpauth.o -OBJS-$(CONFIG_HTTPPROXY_PROTOCOL) += http.o httpauth.o -OBJS-$(CONFIG_HTTPS_PROTOCOL) += http.o httpauth.o +OBJS-$(CONFIG_HTTP_PROTOCOL) += http.o httpauth.o urldecode.o +OBJS-$(CONFIG_HTTPPROXY_PROTOCOL) += http.o httpauth.o urldecode.o +OBJS-$(CONFIG_HTTPS_PROTOCOL) += http.o httpauth.o urldecode.o OBJS-$(CONFIG_MMSH_PROTOCOL) += mmsh.o mms.o asf.o OBJS-$(CONFIG_MMST_PROTOCOL) += mmst.o mms.o asf.o OBJS-$(CONFIG_MD5_PROTOCOL) += md5proto.o diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c index c1cf019eda..4ec8ac2599 100644 --- a/libavformat/httpauth.c +++ b/libavformat/httpauth.c @@ -25,6 +25,7 @@ #include "internal.h" #include "libavutil/random_seed.h" #include "libavutil/md5.h" +#include "urldecode.h" #include "avformat.h" #include @@ -251,18 +252,28 @@ char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth, return NULL; if (state->auth_type == HTTP_AUTH_BASIC) { - int auth_b64_len = AV_BASE64_SIZE(strlen(auth)); - int len = auth_b64_len + 30; - char *ptr; - authstr = av_malloc(len); - if (!authstr) + int auth_b64_len, len; + char *ptr, *decoded_auth = ff_urldecode(auth); + + if (!decoded_auth) return NULL; + + auth_b64_len = AV_BASE64_SIZE(strlen(decoded_auth)); + len = auth_b64_len + 30; + + authstr = av_malloc(len); + if (!authstr) { + av_free(decoded_auth); + return NULL; + } + snprintf(authstr, len, "Authorization: Basic "); ptr = authstr + strlen(authstr); - av_base64_encode(ptr, auth_b64_len, auth, strlen(auth)); + av_base64_encode(ptr, auth_b64_len, decoded_auth, strlen(decoded_auth)); av_strlcat(ptr, "\r\n", len - (ptr - authstr)); + av_free(decoded_auth); } else if (state->auth_type == HTTP_AUTH_DIGEST) { - char *username = av_strdup(auth), *password; + char *username = ff_urldecode(auth), *password; if (!username) return NULL; diff --git a/libavformat/urldecode.c b/libavformat/urldecode.c new file mode 100644 index 0000000000..32460da4f9 --- /dev/null +++ b/libavformat/urldecode.c @@ -0,0 +1,87 @@ +/* + * Simple URL decoding function + * Copyright (c) 2012 Antti Seppälä + * + * References: + * RFC 3986: Uniform Resource Identifier (URI): Generic Syntax + * T. Berners-Lee et al. The Internet Society, 2005 + * + * based on http://www.icosaedro.it/apache/urldecode.c + * from Umberto Salsi (salsi@icosaedro.it) + * + * This file is part of Libav. + * + * Libav is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * Libav is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with Libav; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include +#include + +#include "libavutil/mem.h" +#include "libavutil/avstring.h" +#include "urldecode.h" + +char *ff_urldecode(const char *url) +{ + int s = 0, d = 0, url_len = 0; + char c; + char *dest = NULL; + + if (!url) + return NULL; + + url_len = strlen(url) + 1; + dest = av_malloc(url_len); + + if (!dest) + return NULL; + + while (s < url_len) { + c = url[s++]; + + if (c == '%' && s + 2 < url_len) { + char c2 = url[s++]; + char c3 = url[s++]; + if (isxdigit(c2) && isxdigit(c3)) { + c2 = av_tolower(c2); + c3 = av_tolower(c3); + + if (c2 <= '9') + c2 = c2 - '0'; + else + c2 = c2 - 'a' + 10; + + if (c3 <= '9') + c3 = c3 - '0'; + else + c3 = c3 - 'a' + 10; + + dest[d++] = 16 * c2 + c3; + + } else { /* %zz or something other invalid */ + dest[d++] = c; + dest[d++] = c2; + dest[d++] = c3; + } + } else if (c == '+') { + dest[d++] = ' '; + } else { + dest[d++] = c; + } + + } + + return dest; +} diff --git a/libavformat/urldecode.h b/libavformat/urldecode.h new file mode 100644 index 0000000000..b43f319c9e --- /dev/null +++ b/libavformat/urldecode.h @@ -0,0 +1,35 @@ +/* + * This file is part of Libav. + * + * Libav is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * Libav is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with Libav; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#ifndef AVFORMAT_URLDECODE_H +#define AVFORMAT_URLDECODE_H + +/** + * Decodes an URL from its percent-encoded form back into normal + * representation. This function returns the decoded URL in a string. + * The URL to be decoded does not necessarily have to be encoded but + * in that case the original string is duplicated. + * + * @param url a string to be decoded. + * @return new string with the URL decoded or NULL if decoding failed. + * Note that the returned string should be explicitly freed when not + * used anymore. + */ +char *ff_urldecode(const char *url); + +#endif /* AVFORMAT_URLDECODE_H */ diff --git a/libavformat/version.h b/libavformat/version.h index bc6cae664b..de6da526c3 100644 --- a/libavformat/version.h +++ b/libavformat/version.h @@ -31,7 +31,7 @@ #define LIBAVFORMAT_VERSION_MAJOR 54 #define LIBAVFORMAT_VERSION_MINOR 12 -#define LIBAVFORMAT_VERSION_MICRO 0 +#define LIBAVFORMAT_VERSION_MICRO 1 #define LIBAVFORMAT_VERSION_INT AV_VERSION_INT(LIBAVFORMAT_VERSION_MAJOR, \ LIBAVFORMAT_VERSION_MINOR, \