Opened 14 years ago

Closed 13 years ago

Last modified 13 years ago

#390 closed defect (fixed)

bug in base64_encode used for http authentification

Reported by: palos@… Owned by: moritz@…
Priority: important Component: demuxer
Version: HEAD Severity: normal
Keywords: Cc: dominik@…
Blocked By: Blocking:
Reproduced by developer: Analyzed by developer:

Description

The http authentification for 'mplayer http://name:password@ip:port' fails with:
"Authentication required for "Icecast2 Server"
Unable to read the username"
(when using the form of 'mplayer http://ip:port -name name -passwd passwd' then
it also fails with "Authentication failed").

However, after replacement of base64_encode function in http.c with another one,
the problem disappears and http authentification works correctly.
I should also mention that the authentification in the original version (ie
before the bug fixing by replacement of the encode function) seems to work
correctly for some specific passwd lenghts, at least any passwd of lenght 8 was
authentificated correctly, while none of 6,7,9 characters passwords worked (this
might be also dependend on the length of username though, etc)

Reproducibity: always with given password of 'unproper' length
Affected versions: CVS 14.10.2005, 1.0pre7 (and probably also older versions)

Attachments (1)

fix_base64.patch (3.9 KB) - added by namonai@… 14 years ago.
Ported base64 code from wget

Download all attachments as: .zip

Change History (9)

comment:1 Changed 14 years ago by palos@…

  • Status changed from new to assigned

comment:2 Changed 14 years ago by palos@…

  • Status changed from assigned to new

Changed 14 years ago by namonai@…

Ported base64 code from wget

comment:3 Changed 14 years ago by namonai@…

Not sure if licenses permit a GPL app's code in libmpdemux, but this works like
it should (at least with my test cases). patch made on cvs as of bug
submission date

comment:4 Changed 14 years ago by reimar

Please test with CVS, I think there was a patch applied that just added a few
more '=' at the end.

comment:5 Changed 14 years ago by namonai@…

Nope, still has the offending code:

} else {

Terminate with Mime style '='
*out = '=';
outLen++;

return outLen;

}

If the patch you are referring to was from me on the eng-dev list, then this one
is much better than that one (I found a malloc() problem in that one).

comment:6 Changed 14 years ago by henning@…

(In reply to comment #3)

Nope, still has the offending code:

} else {

Terminate with Mime style '='
*out = '=';
outLen++;

return outLen;

}

While you are thinking about incorporating code from wget, could you perhaps
remove the offending piece of code quoted above in the CVS? ;-) This is a very
awkward bug more and more people are stumbling over.

comment:7 Changed 13 years ago by dominik@…

  • Cc dominik@… added
  • Status changed from new to assigned

A patch has just been posted to -dev-eng, fixing the case with -user and -password.

comment:8 Changed 13 years ago by reimar

  • Resolution set to fixed
  • Status changed from assigned to closed

This should be fixed in CVS (since quite some time)

Note: See TracTickets for help on using tickets.