Commit graph

225 commits

Author SHA1 Message Date
Tobias Ronge
f672277509 gstrtspconnection: Security loophole making heap overflow
The former code allowed an attacker to create a heap overflow by
sending a longer than allowed session id in a response and including a
semicolon to change the maximum length. With this change, the parser
will never go beyond 512 bytes.
2019-03-14 10:24:30 +01:00
Kristofer Bjorkstrom
4bc906e87e rtspconnection: Fix GError set over the top of a previous GError
The function fill_bytes could sometimes return a value greater than zero
and in the same time set the GError.

Function read_bytes calls fill_bytes in a while loop. In the special
case above it would call fill_bytes with error already set.
Thus resulting in "GError set over the top of a previous GError".

Solved this by clearing GError when return value is greater than zero.
Actions are taken depending on error type by caller of read_bytes. Eg.
with EWOULDBLOCK gst_rtsp_source_dispatch_read will try to read the
missing bytes again (GST_RTSP_EINTR )

https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/issues/445
2019-02-18 16:12:58 +00:00
Sebastian Dröge
05f0fe79a2 rtspconnection: Fix uninitialized variable warning when compiling with pre-2.59.1 GLib
gstrtspconnection.c: In function ‘writev_bytes’:
gstrtspconnection.c:1348:10: error: ‘res’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
   return res;
          ^
2019-01-30 13:04:12 +00:00
Seungha Yang
a86fc3da46 rtspconnection: Fix broken build on GLib 2.59.0
GPollableReturn enum was introduced after GLib 2.59.0 release.
2019-01-30 12:29:01 +00:00
Sebastian Dröge
3a0e7fb8f4 rtspconnection: Update to merged GOutputStream::writev() API 2019-01-29 14:17:29 +02:00
Sebastian Dröge
8a54cc3b16 rtspconnection: Handle EOF on writev() after checking for all other error conditions
Otherwise we would return EOF if nothing was written in any case, even
if this was actually a case of TIMEOUT or EWOULDBLOCK for example.

Thanks to Edward Hervey for debugging and finding this issue.
2019-01-29 14:17:23 +02:00
Ognyan Tonchev
87a9f2b92c rtspconnection: Fixes for corrupt RTP packets in dispatch_write()
Fixes 2 problems:

1) Number of unmapped memories does not always match number of mmaped ones in
dispatch_write().
2) When dispatch_write() is dispatched second time after an incomplete write,
already set offsets will not be taken into account, thus corrupt RTP data will
be sent.
2019-01-29 14:17:23 +02:00
Sebastian Dröge
f90dac8d48 rtsp-connection: Make use of new GstRTSPMessage API for directly storing a body buffer and add API for writing multiple messages
By doing so we can send a whole GstBufferList and each memory in the
contained buffers without copying into a single memory area and with a
single writev() call. This improves performance considerably for
high-packet-rate streams.

This depends on https://gitlab.gnome.org/GNOME/glib/merge_requests/333
to be efficient, otherwise each chunk of memory is a separate write()
call.

https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/issues/370
2019-01-29 14:17:23 +02:00
Edward Hervey
962df52fef rtspconnection: Properly exit infinite loop
In the unlikeliness the builder state is invalid, exit the
top-level while(TRUE) loop.
2018-12-17 12:21:01 +01:00
Per Forlin
76aa92be51 rtspconnection: Replace Auth header instead of append
gst_rtsp_connection_send() adds the Authorization header to the request.
If this function is being called multiple times with the same request
it will add one more Authorization header every time.

To fix to this issue do not append a new Authorization header on
top of an existing ones. Remove any existing Authorization headers first
and then add the new one.

Fixes gst-plugins-good#425
2018-12-07 11:36:11 +00:00
Mathieu Duponchelle
aa6daaafc6 rtspconnection: do not duplicate authentication headers
rtsp_connection_send takes care of adding those already,
and some reverse proxies such as nginx will reject the request
altogether if the Authorization header is present twice,
even with the same value.

https://bugzilla.gnome.org/show_bug.cgi?id=797272
2018-10-11 15:35:56 +02:00
Sebastian Dröge
d4f607ef40 rtspconnection: Use GstQueueArray instead of GQueue for the queued messages 2018-06-29 07:38:20 +02:00
Sebastian Cote
9e77d9cacf rtspconnection: also add Content-Type to HTTP POST request when tunnelling
When the GstRTSPConnection class sends a RTSP over HTTP tunnelling
request, the HTTP Content-Type header is missing from the HTTP POST
request.

This isn't a problem with most servers, but there are servers that
rejects the request without there also being a Content-Type header.

RFC 1945:
Any HTTP/1.0 message containing an entity body should include a
Content-Type header field defining the media type of that body.

Apple Dispatch 28:
QuickTime Streaming uses the "application/x-rtsp-tunnelled" MIME
type in both the Content-Type and Accept headers. This reflects
the data type that is expected and delivered by the client and server.

https://bugzilla.gnome.org/show_bug.cgi?id=793110
2018-02-08 16:08:03 +00:00
Sebastian Dröge
9c2d5e863e rtspconnection: Allow setting a custom accept-certificate function for manually checking a TLS certificate for validity
https://bugzilla.gnome.org/show_bug.cgi?id=785024
2017-11-01 13:41:42 +02:00
Thibault Saunier
20fae3f1e0 rtsp: Start implementing support for RTSP 2.0
Properly handle protocol version in the connection

Add the following headers types:
  * Pipelined-Request
  * Media-Properties
  * Seek-Style
  * Accept-Ranges

https://bugzilla.gnome.org/show_bug.cgi?id=781446
2017-10-05 13:16:03 -03:00
Reynaldo H. Verdejo Pinochet
e81c334ca9 Use proper GtkDoc notation for NULL/FALSE/TRUE 2017-10-03 14:31:18 -07:00
Thibault Saunier
099ac9faf2 docs: Convert gtkdoc comments to markdown
Modernizing the documentation, making it simpler to read an
modify and allowing us to possibly switch to hotdoc in the
future.
2017-03-10 18:19:17 -03:00
Sebastian Dröge
828c8604dd rtsp: Add gst_rtsp_generate_digest_auth_response() to calculate digest auth response
https://bugzilla.gnome.org/show_bug.cgi?id=774416
2016-11-21 09:39:21 +02:00
Sergio Torres Soldado
7960bc0380 rtspconnection: Fix potential deadlock caused by blocking read forever
Reset the connection "may_cancel" property to avoid a potential deadlock
if there is no data to read and the socket stays blocked forever.

https://bugzilla.gnome.org/show_bug.cgi?id=768249
2016-07-07 19:15:18 +03:00
Sebastian Dröge
b0c834df1b rtspconnection: Properly initialize stack-allocated RTSP message to all-zeroes 2015-12-14 19:03:33 +01:00
Evan Callaway
5ac65d9e3a rtspconnection: Use relative URI for non-proxy tunneled requests
Match the section 5.1.2 of the HTTP/1.0 spec by using relative URIs unless we
are using a proxy server. Also, send Host header for compatability with
HTTP/1.1 and some HTTP/1.0 servers.

https://bugzilla.gnome.org/show_bug.cgi?id=758922
2015-12-14 18:21:10 +01:00
Evan Callaway
65c7bd7a2c rtspconnection: Support authentication during tunneling setup
gst_rtsp_connection_connect_with_response accepts a response pointer
which it fills with the response from setup_tunneling if the
connection is configured to be tunneled.  The motivation for this is to
allow the caller to inspect the response header to determine if
additional authentication is required so that the connection can be
retried with the appropriate authentication headers.

The function prototype of gst_rtsp_connection_connect has been
preserved for compatability with existing code and wraps
gst_rtsp_connection_connect_with_response.

https://bugzilla.gnome.org/show_bug.cgi?id=749596
2015-12-14 16:00:45 +01:00
Ognyan Tonchev
7a702df863 rtspconnection: Add support for parsing custom headers
https://bugzilla.gnome.org/show_bug.cgi?id=758235
2015-11-18 00:15:32 +00:00
Sebastian Dröge
4115814f36 Update GLib dependency to 2.40.0 2015-10-02 22:19:52 +03:00
Sebastian Dröge
18c610edda rtspconnection: Only drop everything after the ; of a session header in requests
For responses it is actually allowed and used to signal the timeout to the
client!

https://bugzilla.gnome.org/show_bug.cgi?id=736267
2015-06-22 19:51:32 +02:00
Nicolas Dufresne
c9a536af47 gi: Fix warnings in GstRtsp
* The custom GSource is not boxed (skip for now)
* The comment block has wrong name for _read_socket()
2015-06-16 15:50:13 -04:00
Arun Raghavan
37684b35b6 rtsp: Add a FIXME 2.0 for gst_rtsp_connection_create_from_socket()
There's a couple of redundant arguments from the pre-GIO days.
2015-06-12 12:51:22 +05:30
Xavier Claessens
74a4347614 GstRTSPConnection: Add GTlsInteraction support
https://bugzilla.gnome.org/show_bug.cgi?id=750471
2015-06-09 19:47:51 -04:00
Tim-Philipp Müller
853951b646 rtsp: don't use soon-to-be-deprecated g_cancellable_reset()
From the API documentation: "Note that it is generally not
a good idea to reuse an existing cancellable for more
operations after it has been cancelled once, as this
function might tempt you to do. The recommended practice
is to drop the reference to a cancellable after cancelling
it, and let it die with the outstanding async operations.
You should create a fresh cancellable for further async
operations."

https://bugzilla.gnome.org/show_bug.cgi?id=739132
2015-05-19 18:53:01 +01:00
Göran Jönsson
e3a212e0d4 rtspconnection: No remove child if destroyed.
Fixes https://bugzilla.gnome.org/show_bug.cgi?id=740730
2014-12-09 10:32:00 +01:00
Sebastian Dröge
90eb93c2ef Don't compare booleans for equality to TRUE and FALSE
TRUE is 1, but every other non-zero value is also considered true. Comparing
for equality with TRUE would only consider 1 but not the others.
2014-12-01 09:51:12 +01:00
Aleix Conchillo Flaqué
66abee92b0 rtspconnection: call watch notify before freeing any watch resources
This gives control to the notify function allowing it to finish other
watch related functionality.

https://bugzilla.gnome.org/show_bug.cgi?id=737752
2014-10-21 10:03:35 +02:00
Ognyan Tonchev
0ea1b559bf rtspconnection: ignore timeout in session request header
The timeout parameter is only allowed in a session response header
but some clients, like Honeywell VMS applications, send it as part
of the session request header. Ignore everything from the semicolon
to the end of the line when parsing session id.

Fixes https://bugzilla.gnome.org/show_bug.cgi?id=736267
2014-09-09 11:37:26 +02:00
Göran Jönsson
acdb7feacf rtspconnection: Protect readsrc, writesrc and controllsrc with a mutex
Fixes a crash when controlsrc, readsrc or writesrc are modified from
gst_rtsp_source_dispatch_read/write and gst_rtsp_watch_reset at the
same time.

https://bugzilla.gnome.org/show_bug.cgi?id=735569
2014-08-29 11:28:13 +03:00
Evan Nemerson
7b791749a0 docs: Assorted documentation and introspection fixes for new 1.4 API
https://bugzilla.gnome.org/show_bug.cgi?id=732595
2014-07-02 09:09:44 +02:00
Wim Taymans
0425f1cf4d rtspconnection: also allow POST before GET
Don't only allow GET and then POST request to setup tunneling over HTTP
but also allow POST and then GET.

Fixes https://bugzilla.gnome.org/show_bug.cgi?id=732459
2014-07-01 16:30:25 +02:00
Göran Jönsson
d8a1dc5ea8 rtspconnection: Add read source on write socket.
Add a read source on write socket when lost tunnel.
To be able to detect when clint closes get channel.

This is already done in gst_rtsp_source_dispatch_write but
only when the queue is empty.

Fixes https://bugzilla.gnome.org/show_bug.cgi?id=730368
2014-05-20 12:02:13 +02:00
Edward Hervey
1ca576c240 rtspconnection: Don't use argument for local storage
By re-using the uri argument for storing local data, we could end up in
a situation where we would free uri ... which would actually be the
string passed in argument.

Instead explicitely use a local variable. Fixes double-free issues.

CID #1212176
2014-05-13 11:53:41 +02:00
Göran Jönsson
446f9bf6bd rtspconnection: Reset control_stream.
Reset control_stream when gst_rtsp_connection_close.

Fixes https://bugzilla.gnome.org/show_bug.cgi?id=729632
2014-05-09 11:49:04 +02:00
Göran Jönsson
9685e7a583 rtspconnection: Empty queue when flush.
Empty the watchs queue when calling
gst_rtsp_watch_set_flushing with flushing variabel is TRUE.

Fixes https://bugzilla.gnome.org/show_bug.cgi?id=728772
2014-04-30 16:37:17 +02:00
Tim-Philipp Müller
bcb8068e27 docs: remove outdated and pointless 'Last reviewed' lines from docs
They are very confusing for people, and more often than not
also just not very accurate. Seeing 'last reviewed: 2005' in
your docs is not very confidence-inspiring. Let's just remove
those comments.
2014-04-26 23:28:57 +01:00
Wim Taymans
8d439edd7a rtspconnection: add flush method
Add a method to set/unset the flushing state that makes _wait_backlog()
unlock.

See https://bugzilla.gnome.org/show_bug.cgi?id=725898
2014-03-28 09:34:33 +01:00
Ognyan Tonchev
d7857325c5 rtspconnection: Fix minor memory leaks in error handling
Fixes https://bugzilla.gnome.org/show_bug.cgi?id=726642
2014-03-24 12:45:14 +01:00
Ognyan Tonchev
e0af857445 rtspconnection: Fix connection_poll()
* Only check for conditions we are interested in.
* Makes no sense to specify G_IO_ERR and G_IO_HUP in condition, they
  will always be reported if they are true.
* Do not create timed source if timeout is NULL.
* Correctly wait for sources to be dispatched, context_iteration() is
  not guaranteed to always block even if set to do so.

Fixes https://bugzilla.gnome.org/show_bug.cgi?id=726641
2014-03-24 12:43:38 +01:00
Руслан Ижбулатов
d6bd37460a rtspconnection: Silence a compiler warning
Cast the argument into (const char *) on W32, as winsock2 expects it.

https://bugzilla.gnome.org/show_bug.cgi?id=726433
2014-03-16 11:22:04 +01:00
Göran Jönsson
0b30fdbfbe rtspconnection: gst_rtsp_watch_wait_backlog
New method that wait until there is room in backlog queue.

Fixes https://bugzilla.gnome.org/show_bug.cgi?id=725898
2014-03-10 17:28:40 +01:00
David Svensson Fors
6cd0d10d30 rtspconnection: GstRTSPWatch func for tunnel GET response
Add a callback in GstRTSPWatch where the response to HTTP GET for
tunneled connections can be modified.

Fixes https://bugzilla.gnome.org/show_bug.cgi?id=725878
2014-03-10 10:43:03 +01:00
Ognyan Tonchev
4220442441 rtspconnection: Call closed() when GET is closed in tunneled mode
This patch adds read source on the write socket in tunneled
mode and we get a callback when client disconnects the GET
channel.

Fixes https://bugzilla.gnome.org/show_bug.cgi?id=725313
2014-03-03 10:34:56 +01:00
Sebastian Rasmussen
35bb1b3328 docs: Add annotations for return values
Rephrase and clarify some return value descriptions

Fixes https://bugzilla.gnome.org/show_bug.cgi?id=725521
2014-03-02 23:41:18 +00:00
Tim-Philipp Müller
14b82bbc9a rtsp: fix build with older GLib versions
The gio/gnetworking.h header is only available since glib 2.36

https://bugzilla.gnome.org/show_bug.cgi?id=725206
2014-02-26 11:44:18 +00:00