Commit graph

1157 commits

Author SHA1 Message Date
Sebastian Dröge
44ccca3086 rtsp-auth: Fix NULL pointer dereference when handling an invalid basic Authorization header
When using the basic authentication scheme, we wouldn't validate that
the authorization field of the credentials is not NULL and pass it on
to g_hash_table_lookup(). g_str_hash() however is not NULL-safe and will
dereference the NULL pointer and crash.
A specially crafted (read: invalid) RTSP header can cause this to
happen.

As a solution, check for the authorization to be not NULL before
continuing processing it and if it is simply fail authentication.

This fixes CVE-2020-6095 and TALOS-2020-1018.

Discovered by Peter Wang of Cisco ASIG.
2020-03-23 16:06:43 +02:00
Göran Jönsson
daa18dc867 rtsp-client: Use watch_context before unref
Move the usage of priv->watch_context to beginning of function
gst_rtsp_client_finalize. Instead of use it after
g_main_context_unref (priv->watch_context).
2020-03-09 14:17:34 +01:00
Mathieu Duponchelle
8410c69da9 rtsp-stream: fix deadlock on transport removal
We cannot take the RTSPStream lock while holding a transport backlog
lock, as remove_transport may be called externally, which will
take first the RTSPStream lock then the transport backlog lock.
2020-02-24 20:24:29 +00:00
Mathieu Duponchelle
fa41cbe9a4 rtsp-stream: clear backlog when removing transport
This ensures we don't end up calling any of transports' callbacks
with a potentially unreffed user_data (in practice, a client that
may have been removed)
2020-02-24 20:24:29 +00:00
Mathieu Duponchelle
54b6b3bcab rtsp-stream: marshal calls to send_tcp_message to a single thread
In order to address the race condition pointed out at
https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/merge_requests/108#note_403579
we get rid of the send thread pool, and instead spawn and manage
a single thread to pull samples from app sinks and add them to
the transport's backlogs.

Additionally, we now also always go through the backlogs in order
to simplify the logic.
2020-02-24 20:24:29 +00:00
Mathieu Duponchelle
50ecbb1596 rtsp-stream: properly protect TCP backlog access
Fixes #97

We cannot hold stream->lock while pushing data, but need
to consistently check the state of the backlog both from
the send_tcp_message function and the on_message_sent function,
which may or may not be called from the same thread.

This commit introduces internal API to allow for potentially
recursive locking of transport streams, addressing a race
condition where the RTSP stream could push items out of order
when popping them from the backlog.
2020-02-24 20:24:29 +00:00
Sebastian Dröge
a2ba3639a5 rtsp-media: Sink pipeline in gst_rtsp_media_take_pipeline()
It's taken ownership of by the media, and returned with `transfer none`
from the GstRTSPMedia::create_pipeline() vfunc. If we don't sink it
first then any bindings will wrongly take ownership of the pipeline once
it arrives in bindings code.
2020-02-22 00:43:31 +02:00
Marc Leeman
7b5dbb0561 rtsp-media: fix default latency 2020-02-03 12:30:14 +00:00
Mathieu Duponchelle
90f7e851f4 rtsp-client: make closing more thread safe
+ Take the watch lock prior to using priv->watch
+ Flush both the watch and connection before closing / unreffing

gst_rtsp_connection_close() is not threadsafe on its own, this is
a workaround at the client level, where we control both the watch
and the connection
2020-01-23 18:08:21 +00:00
Jordan Petridis
b4948f69a0
rtsp-latency-bin: replace G_TYPE_INSTANCE_GET_PRIVATE as it's been deprecated
from glib
```
Deprecated: 2.58: Use %G_ADD_PRIVATE and the generated
  `your_type_get_instance_private()` function instead
```
2020-01-23 17:00:59 +02:00
Zoltán Imets
aa8126b239 rtsp-client: add property post-session-timeout
This is a TCP connection timeout for client connections, in seconds.
If a positive value is set for this property, the client connection
will be kept alive for this amount of seconds after the last session
timeout. For negative values of this property the connection timeout
handling is delegated to the system (just as it was before).

Fixes #83
2020-01-15 11:47:27 +00:00
Mark Nauwelaerts
0ed32e0d53 rtsp-stream: check for NULL transports prior to ref'ing 2020-01-11 22:58:48 +01:00
Mathieu Duponchelle
e0a4355d6b rtsp-stream: fix checking of TCP backpressure
The internal index of our appsinks, while it can be used to
determine whether a message is RTP or RTCP, is not necessarily
the same as the interleaved channel. Let the stream-transport
determine the channel to check backpressure for, the same way
it determines the channel according to whether it is sending
RTP or RTCP.
2020-01-09 14:10:44 +01:00
Olivier Crête
73b4929803 rtsp-session: Butcher the file to please gst-indent in the CI
This should be reverted once the CI has an updated gst-indent.
2019-12-18 19:48:31 +00:00
Olivier Crête
75b03ddf5e rtsp-session & client: Remove deprecated GTimeVal
GTimeVal won't work past 2038
2019-12-18 19:48:31 +00:00
Nicola Murino
a547e2b3c8 rtsp-auth: fix default token leak 2019-12-12 17:56:18 +01:00
Adam x Nilsson
8d4a9f37e5 gstrtspclientsink: unref transports when closing bin
Fixes #91
2019-12-10 10:27:07 +01:00
Kristofer Bjorkstrom
faf8f87a02 rtsp-media: Force seek when flush flag is set
The commit "rtsp-client: define all seek accuracy flags from
setup_play_mode" changed the behaviour of when doing a seek.

Before that commit, having the flush flag set would result in a seek
(forced seek).
Even if no seek was needed. One reason to force seek is to flush old buffers
created in Describe requests.

Thus adding force seek also for flush flag will result in play request
with fresh buffers.
2019-12-06 14:52:23 +01:00
Edward Hervey
8de843733d rtsp-client: Revitalize dead code
Leftover from 65d9aa327c

CID: 1455379
2019-12-02 10:46:40 +01:00
Edward Hervey
5ceb2cf83f rtsp-sdp: Don't try to use non-initialized values
Only attempt to use the various timing values iif gst_rtsp_stream_get_info()
returns TRUE. Also avoid the whole clock signalling block if we're not
dealing with senders.

CID: 1439524
CID: 1439536
CID: 1439520
2019-11-27 15:27:36 +01:00
Adam x Nilsson
9c5ca231a6 rtsp-stream: Removing invalid transports returns false
When removing transports an assertion was that the transports passed in
for removal are present in the list, however that can't be assumed.
As an example if a transport was removed from a thread running
send_tcp_message, the main thread can try to remove the same transport
again if it gets a handle_pause_request. This will not effect the
transport list but it will effect n_tcp_transports as it will be
decrement and then have the wrong value.
2019-11-25 19:12:10 +01:00
Niels De Graef
45e77ecdd7 Don't pass default GLib marshallers for signals
By passing NULL to `g_signal_new` instead of a marshaller, GLib will
actually internally optimize the signal (if the marshaller is available
in GLib itself) by also setting the valist marshaller. This makes the
signal emission a bit more performant than the regular marshalling,
which still needs to box into `GValue` and call libffi in case of a
generic marshaller.

Note that for custom marshallers, one would use
`g_signal_set_va_marshaller()` with the valist marshaller instead.
2019-11-04 14:16:10 +00:00
Xavier Claessens
f7bbd9dd86 GstRTSPMountPoints: Remove any existing factory before adding a new one
The documentation of gst_rtsp_mount_points_add_factory() says "Any
previous mount point will be freed" which was true when it was
implemented using a GHashTable. But in 2012 it got rewrote using a
GSequence and since then it could have 2 factories for the same path.
Which one gets used is random, depending on the sorting order of 2
identical items.
2019-11-04 12:01:09 +00:00
Mathieu Duponchelle
dd32924eb0 stream: refactor TCP backpressure handling
The previous implementation stopped sending TCP messages to
all clients when a single one stopped consuming them, which
obviously created problems for shared media.

Instead, we now manage a backlog in stream-transport, and slow
clients are removed once this backlog exceeds a maximum duration,
currently hardcoded.

Fixes #80
2019-10-21 13:49:54 +02:00
Göran Jönsson
d519f47402 rtsp-session: clean up comment extra-timeout 2019-10-18 09:19:59 +02:00
Muhammet Ilendemli
d9a182c476 rtsp-client: Generate correct URI for MIKEY in ANNOUNCE responses
Instead of hardcoding the URI, take the actual URI (and especially the correct port)
from the RTSP context.

Fixes #84
2019-10-17 14:05:12 +03:00
Kristofer
1a01d20e40 rtsp-client: Lock shared media
For shared media we got race conditions. Concurrently rtsp clients might
suspend or unsuspend the shared media and thus change the state without
the clients expecting that.
By introducing a lock that can be taken by callers such as rtsp_client
one can force rtsp clients calling, eg. PLAY, SETUP and that uses shared media,
to handle the media sequentially thus allowing one client to finish its
rtsp call before another client calls on the same media.

https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/issues/86
Fixes #86
2019-10-16 13:20:54 +00:00
Göran Jönsson
74b19b3709 rtsp-session: add property extra-timeout
Extra time to add to the timeout, in seconds. This only
affects the time until a session is considered timed out
and is not signalled in the RTSP request responses.
Only the value of the timeout property is signalled in the
request responses.
2019-10-16 06:49:49 +00:00
Adam x Nilsson
0b1b6670c8 rtsp-stream : fix race condition in send_tcp_message
If one thread is inside the send_tcp_message function and are done
sending rtp or rtcp messages so the n_outstanding variable is zero
however have not exit the loop sending the messages. While sending its
messages, transports have been added or removed to the transport list,
so the cache should be updated. If now an additional thread comes to
the function send_tcp_message and trying to send rtp messages it will
first destroy the rtp cache that is still being iterated trough by the
first thread.

Fixes #81
2019-10-14 19:40:00 +00:00
Tim-Philipp Müller
6b3bd23e40 Remove autotools build
Replaced by Meson.

Maybe we can now use the meson pkgconfig module
for .pc files? (Does it support uninstalled now?)
2019-10-13 13:52:37 +01:00
Adam x Nilsson
f1d2a0cae9 rtsp-media: Use lock in gst_rtsp_media_is_receive_only 2019-10-04 07:59:02 +00:00
David Svensson Fors
e16867b161 rtsp-media: Unblock all streams
When unsuspending and going to PLAYING, unblock all streams instead of
only those that are linked (the linked streams are the ones for which
SETUP has been called). GST_FLOW_NOT_LINKED will be returned when
pushing buffers on unlinked streams.

This change is because playback using single-threaded demuxers like
matroska-demux could be blocked if SETUP was not called for all media.
Demuxers that use GstFlowCombiner (including gstoggdemux, gstavidemux,
gstflvdemux, qtdemux, and matroska-demux) will handle
GST_FLOW_NOT_LINKED automatically.

Fixes #39
2019-10-03 11:54:15 +00:00
Göran Jönsson
18f4f4e509 rtsp-media: Wait on async when needed.
Wait on asyn-done when needed in gst_rtsp_media_seek_trickmode.

In the unit test the pause from adjust_play_mode will cause a preroll
and after that async-done will be produced.
Without this patch there are no one consuming this async-done and when
later when seek fluch is done in gst_rtsp_media_seek_trickmode then it
wait for async-done. But then it wrongly find the async-done prodused by
adjus_play_mode and continue executing without waiting for the preroll
to finish.
2019-10-02 15:00:23 +00:00
Kristofer Bjorkstrom
7e1edcf1a4 rtsp-client: RTP Info when completed_sender
Change condition that should be fulfilled regarding RTPInfo.
Replace !gst_rtsp_media_is_receive_only with
gst_rtsp_media_has_completed_sender. It is more correct to actually look
for a sender pipeline that is complete. Only then a RTPInfo should
exist.

gst_rtsp_media_is_receive_only gives different answears depending on
state of server.
If Describe is called wth URL+options for backchannel SDP will give only
audio and only backchannel a=sendonly
If Describe is called on URL+options that gives both audio and video
direction from server to client, pipelines are created. Thus
receive_only will return false, even though Setup only would setup
backchannel.

RTP-Info is only for outgoing streams. Thus one should look if outgoing
streams are complete.
2019-10-01 12:01:26 +02:00
Kristofer
d7ae39657d rtsp-client: RTP Info exists conditionally in PLAY
If RTP Info is missing and it is not a receiver only, eg. audio
backchannel. Then return GST_RTSP_STS_INTERNAL_SERVER_ERROR.
In rfc2326 it says RTP-info is req. but in RFC7826 it is conditional.

Since 1.14 there is audio backchannel support. Thus RTP-info is
conditional now. When audio backchannel only mode, there is no RTP-info.

Fixes #82
2019-09-25 09:14:08 +00:00
Kristofer Björkström
f834700eff rtsp-client: RTP Info must exist in PLAY response
If RTP Info is missing. Then return GST_RTSP_STS_INTERNAL_SERVER_ERROR

Fixes #76
2019-09-04 07:34:37 +00:00
Göran Jönsson
16bc937ed9 Use complete streams for scale and speed.
Without this patch it's always stream0 that is used to get segment event
that is used to set scale and speed. This even if client not doing SETUP
for stream0. At least in suspend mode reset this not working since then
it's just random if send_rtp_sink have got any segment event. There are
no check if send_rtp_sink for stream0 got any data before media is
prerolled after PLAY request.
2019-08-29 07:15:37 +02:00
Mathieu Duponchelle
7073ade1a6 rtsp-media: add missing Since tag 2019-08-12 16:09:02 +00:00
Mathieu Duponchelle
72504eee99 rtsp-client: define all seek accuracy flags from setup_play_mode
We then pass those to adjust_play_mode, which needs to operate
on the "final" seek flags, as previously the code in rtsp-media
was assuming that accuracy seek flags (accurate / key_unit) should
not be set if the flags passed to the seek method were already set.
2019-08-07 18:04:03 +02:00
Sebastian Dröge
446315b36c rtsp-media: Try to get dynamic payloaders by name from their bin first
First try "pay", then "pay_%s" (where %s == pad name). And only then
fall back to the code that simply takes the first payloader that is
found.

The current code usually works (but is racy) because it will always take
the payloader that was last added (due to g_list_prepend() when adding
elements) in pad-added and that's usually the correct one. But if a new
payloader is added between pad-added and us trying to get it, we would
get the wrong payloader.
2019-07-22 19:44:28 +03:00
Göran Jönsson
d1d404912e rtsp-stream: Not wait on receiver streams when pre-rolling
Without this patch there are problem pre-rolling when using audio back
channel.

Without this patch a probe will be created for all streams including
the stream for audio backchannel. To pre-roll all this pads have to
receive data. Since the stream for audio backchannel is a receiver this
will never happen.

The solution is to never create any probes for streams that are for
incomming data and instead set them as blocking already from beginning.
2019-06-28 13:31:34 +02:00
Tim-Philipp Müller
7b2adb015d onvif-media: fix "void function returning a value" compiler warning 2019-06-25 13:19:44 +01:00
Mathieu Duponchelle
ab37286300 rtsp-media: make sure streams are blocked when sending seek
The recent ONVIF work exposed a race condition when dealing with
multiple streams: one of the sinks may preroll before other streams
have started flushing. This led to the pipeline posting async-done
prematurely, when some streams were actually still in the middle
of performing a flushing seek. The newly-added code looks up a
sticky segment event on the first stream in order to respond to
the PLAY request with accurate Scale and Speed headers. In the
failure condition, the first stream was flushing, and thus had
no sticky segment event, leading to the PLAY request failing,
and in turn the test.
2019-06-12 22:19:27 +02:00
Michael Bunk
b545c10e8f Fix typos 2019-06-07 13:42:24 +02:00
Mathieu Duponchelle
0f498eabf4 onvif: Implement and test the Streaming Specification
https://www.onvif.org/specs/stream/ONVIF-Streaming-Spec.pdf
2019-06-06 18:45:17 +02:00
Mathieu Duponchelle
7640cb8f21 rtsp-client: add gst_rtsp_client_get_stream_transport()
This will be used in the onvif tests in order to validate the
data transmitted over TCP: for streaming to continue after a
data message has been provided to client->send_func, the client
is responsible for marking the message as sent on the relevant
stream transport.
2019-06-06 18:45:17 +02:00
Mathieu Duponchelle
52d20df0f4 client: Scale implies TRICK_MODE 2019-06-04 14:32:51 +02:00
Mathieu Duponchelle
b9cc3e867a client: compare booleans, not pointers to them 2019-06-04 14:32:51 +02:00
Nikita Bobkov
f31f79f60e Reverse playback support
GStreamer plays segment from stop to start when doing reverse playback.
RTSP implies that media should be played from start of Range header to
its stop. Hence we swap start and stop times before passing them to
gst_element_seek.

Also make gst_rtsp_stream_query_stop always return value that can be
used as stop time of Range header.
2019-06-04 14:32:51 +02:00
Branko Subasic
bc74589601 rtsp-client: add support for Scale and Speed header
Add support for the RTSP Scale and Speed headers by setting the rate in
the seek to (scale*speed). We then check the resulting segment for rate
and applied rate, and use them as values for the Speed and Scale headers
respectively.

https://bugzilla.gnome.org/show_bug.cgi?id=754575
2019-06-04 14:32:51 +02:00