Newer Dahua cameras and NVRs send two WWW-Authenticate: Digest headers, one with MD5 and one with SHA-256. Because the second overwrites the first and SHA-256 is not supported, make_digest_auth() returns NULL and no Authorization header is sent, breaking RTSP digest authentication.
Fix this by preserving previous digest params when a subsequent header specifies an unsupported algorithm. Signed-off-by: Jasper Miller-Waugh <[email protected]> --- libavformat/httpauth.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c index 9048362509..ad02b31fe4 100644 --- a/libavformat/httpauth.c +++ b/libavformat/httpauth.c @@ -101,6 +101,12 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, state); } else if (av_stristart(value, "Digest ", &p) && state->auth_type <= HTTP_AUTH_DIGEST) { + DigestParams prev = state->digest_params; + char prev_realm[sizeof(state->realm)]; + int had_digest = state->auth_type == HTTP_AUTH_DIGEST; + if (had_digest) + memcpy(prev_realm, state->realm, sizeof(prev_realm)); + state->auth_type = HTTP_AUTH_DIGEST; memset(&state->digest_params, 0, sizeof(DigestParams)); state->realm[0] = 0; @@ -111,6 +117,15 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, sizeof(state->digest_params.qop)); if (!av_strcasecmp(state->digest_params.stale, "true")) state->stale = 1; + + /* Unsupported algorithm, keep previous supported digest params. */ + if (had_digest && + state->digest_params.algorithm[0] && + av_strcasecmp(state->digest_params.algorithm, "MD5") && + av_strcasecmp(state->digest_params.algorithm, "MD5-sess")) { + state->digest_params = prev; + memcpy(state->realm, prev_realm, sizeof(state->realm)); + } } } else if (!av_strcasecmp(key, "Authentication-Info")) { ff_parse_key_value(value, (ff_parse_key_val_cb) handle_digest_update, -- 2.53.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
