[FFmpeg-cvslog] avformat/http: check the auth string contents not the pointer which cannot be NULL

Michael Niedermayer git at videolan.org
Mon Oct 14 01:41:56 CEST 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon Oct 14 00:56:32 2013 +0200| [5970f4bb027c4eb8aca3cdca677fcca03aef1e82] | committer: Michael Niedermayer

avformat/http: check the auth string contents not the pointer which cannot be NULL

It appears this bug originates from a "work in progress" patch from
ffmpeg-devel that was heavily redesigned by and integrated in libav

And that patch even had a reply and review on the mailing list pointing
out that it had a bug.

This fixes a deadlock with ffserver

See: [FFmpeg-devel] [PATCH] Fix HTTP authentication problem for POST actions.
     [FFmpeg-devel] [PATCH 1/3] Introduce auth_phase flag, which will be true if authorization needs to be sent, but the type of authorization is not known yet Partial fix #3036
     [FFmpeg-devel] [PATCH 2/3] Only add Transfer-Encoding header when not in authorization phase, because server will wait (indefinitely) for data when receiving this header Partial fix #3036
     [FFmpeg-devel] [PATCH 3/3] Only allow posting data and/or forcing a 200 code, enabling posting isml chunks, -after- we did a possible first request to get a 403 from the server telling us which type of authentication to apply Final part fix #3036
See: 71549a857b13edf4c4f95037de6ed5bb4c4bd4af
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5970f4bb027c4eb8aca3cdca677fcca03aef1e82
---

 libavformat/http.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/http.c b/libavformat/http.c
index f88d58f..3d47736 100644
--- a/libavformat/http.c
+++ b/libavformat/http.c
@@ -609,7 +609,7 @@ static int http_connect(URLContext *h, const char *path, const char *local_path,
          * send Expect: 100-continue to get the 401 response including the
          * WWW-Authenticate header, or an 100 continue if no auth actually
          * is needed. */
-        if (auth && s->auth_state.auth_type == HTTP_AUTH_NONE &&
+        if (*auth && s->auth_state.auth_type == HTTP_AUTH_NONE &&
             s->http_code != 401)
             send_expect_100 = 1;
     }



More information about the ffmpeg-cvslog mailing list