Hello,
On some authenticated Neulion streams, they send a cookie from the past,
like so:
Set-Cookie: nlqptid=""; Domain=.neulion.com; Expires=Thu, 01-Jan-1970
00:00:10 GMT; Path=/
As a result, the good cookie value is overwritten and authentication breaks
immediately. I realise disqualifying a cookie over the date might open a
can of worms when it comes to date formatting used by different systems,
but I added Neulions wrong format and the http standard format.
Please let me know if this is acceptable. I've run it against fate and
there were no problems.
--
"The mark of an immature man is that he wants to die nobly for a cause,
while the mark of the mature man is that he wants to live humbly for
one." --W. Stekel
From 1fecda5a7a36b530208a9428b86eebda66beeee0 Mon Sep 17 00:00:00 2001
From: Micah Galizia <micahgali...@gmail.com>
Date: Sat, 11 Feb 2017 21:18:41 -0500
Subject: [PATCH] Ignore expired cookies
Signed-off-by: Micah Galizia <micahgali...@gmail.com>
---
libavformat/http.c | 34 +++++++++++++++++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/libavformat/http.c b/libavformat/http.c
index 944a6cf..e7b8ac3 100644
--- a/libavformat/http.c
+++ b/libavformat/http.c
@@ -682,12 +682,44 @@ static int parse_icy(HTTPContext *s, const char *tag, const char *p)
static int parse_cookie(HTTPContext *s, const char *p, AVDictionary **cookies)
{
- char *eql, *name;
+ char *eql, *name, *expiry;
// duplicate the cookie name (dict will dupe the value)
if (!(eql = strchr(p, '='))) return AVERROR(EINVAL);
if (!(name = av_strndup(p, eql - p))) return AVERROR(ENOMEM);
+ // ensure the expiry is sane
+ if ((expiry = strstr(eql, "Expires="))) {
+ struct tm tm_buf = {0};
+ char *end;
+
+ // get the start & the end of the expiry ('11 Feb 2017 09:41:35 GMT')
+ // this skips past the day of the week by finding the space following it
+ expiry += 8 * sizeof(char);
+ while (*expiry != ' ') expiry++;
+ expiry++;
+ end = expiry+1;
+ while (*end != ';') end++;
+
+ // ensure the time is parsable
+ end = strptime(expiry, "%d %b %Y %H:%M:%S %Z", &tm_buf);
+
+ // ensure neulion's different format is parsable
+ if (!end) end = strptime(expiry, "%d-%b-%Y %H:%M:%S %Z", &tm_buf);
+
+ // if the expire is specified but unparsable, this cookie is invalid
+ if (!end) {
+ av_log(s, AV_LOG_ERROR, "Unable to parse expiry for cookie '%s'\n", p);
+ return AVERROR(EINVAL);
+ }
+
+ // no cookies from the past (neulion)
+ if (mktime(&tm_buf) < time(NULL)) {
+ av_log(s, AV_LOG_ERROR, "Ignoring cookie from the past '%s'\n", p);
+ return AVERROR(EINVAL);
+ }
+ }
+
// add the cookie to the dictionary
av_dict_set(cookies, name, eql, AV_DICT_DONT_STRDUP_KEY);
--
2.9.3
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
