#390 closed defect (fixed)
bug in base64_encode used for http authentification
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | important | Component: | demuxer |
Version: | HEAD | Severity: | normal |
Keywords: | Cc: | Dominik 'Rathann' Mierzejewski | |
Blocked By: | Blocking: | ||
Reproduced by developer: | no | Analyzed by developer: | no |
Description
The http authentification for 'mplayer http://name:password@ip:port' fails with:
"Authentication required for "Icecast2 Server"
Unable to read the username"
(when using the form of 'mplayer http://ip:port -name name -passwd passwd' then
it also fails with "Authentication failed").
However, after replacement of base64_encode function in http.c with another one,
the problem disappears and http authentification works correctly.
I should also mention that the authentification in the original version (ie
before the bug fixing by replacement of the encode function) seems to work
correctly for some specific passwd lenghts, at least any passwd of lenght 8 was
authentificated correctly, while none of 6,7,9 characters passwords worked (this
might be also dependend on the length of username though, etc)
Reproducibity: always with given password of 'unproper' length
Affected versions: CVS 14.10.2005, 1.0pre7 (and probably also older versions)
Attachments (1)
Change History (9)
comment:1 by , 19 years ago
Status: | new → assigned |
---|
comment:2 by , 18 years ago
Status: | assigned → new |
---|
by , 18 years ago
Attachment: | fix_base64.patch added |
---|
comment:3 by , 18 years ago
Not sure if licenses permit a GPL app's code in libmpdemux, but this works like
it should (at least with my test cases). patch made on cvs as of bug
submission date
comment:4 by , 18 years ago
Please test with CVS, I think there was a patch applied that just added a few
more '=' at the end.
comment:5 by , 18 years ago
Nope, still has the offending code:
} else {
Terminate with Mime style '='
*out = '=';
outLen++;
return outLen;
}
If the patch you are referring to was from me on the eng-dev list, then this one
is much better than that one (I found a malloc() problem in that one).
comment:6 by , 18 years ago
(In reply to comment #3)
Nope, still has the offending code:
} else {
Terminate with Mime style '='
*out = '=';
outLen++;
return outLen;
}
While you are thinking about incorporating code from wget, could you perhaps
remove the offending piece of code quoted above in the CVS? ;-) This is a very
awkward bug more and more people are stumbling over.
comment:7 by , 18 years ago
Cc: | added |
---|---|
Status: | new → assigned |
A patch has just been posted to -dev-eng, fixing the case with -user and -password.
comment:8 by , 18 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
This should be fixed in CVS (since quite some time)
Ported base64 code from wget