The former code allowed an attacker to create a heap overflow by
sending a longer than allowed session id in a response and including a
semicolon to change the maximum length. With this change, the parser
will never go beyond 512 bytes.
The function fill_bytes could sometimes return a value greater than zero
and at the same time set the GError.
Function read_bytes calls fill_bytes in a while loop. In the special
case above it would call fill_bytes with error already set.
Thus resulting in "GError set over the top of a previous GError".
Solved this by clearing GError when return value is greater than zero.
Actions are taken depending on error type by caller of read_bytes. E.g.
with EWOULDBLOCK gst_rtsp_source_dispatch_read will try to read the
missing bytes again (GST_RTSP_EINTR).
https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/issues/445
gstrtspconnection.c: In function ‘writev_bytes’:
gstrtspconnection.c:1348:10: error: ‘res’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
return res;
^
Otherwise we would return EOF if nothing was written in any case, even
if this was actually a case of TIMEOUT or EWOULDBLOCK for example.
Thanks to Edward Hervey for debugging and finding this issue.
Fixes 2 problems:
1) Number of unmapped memories does not always match number of mmaped ones in
dispatch_write().
2) When dispatch_write() is dispatched second time after an incomplete write,
already set offsets will not be taken into account, thus corrupt RTP data will
be sent.
gst_rtsp_connection_send() adds the Authorization header to the request.
If this function is being called multiple times with the same request
it will add one more Authorization header every time.
To fix this issue, do not append a new Authorization header on
top of existing ones. Remove any existing Authorization headers first
and then add the new one.
Fixes gst-plugins-good#425
rtsp_connection_send takes care of adding those already,
and some reverse proxies such as nginx will reject the request
altogether if the Authorization header is present twice,
even with the same value.
https://bugzilla.gnome.org/show_bug.cgi?id=797272
When the GstRTSPConnection class sends a RTSP over HTTP tunnelling
request, the HTTP Content-Type header is missing from the HTTP POST
request.
This isn't a problem with most servers, but there are servers that
reject the request without there also being a Content-Type header.
RFC 1945:
Any HTTP/1.0 message containing an entity body should include a
Content-Type header field defining the media type of that body.
Apple Dispatch 28:
QuickTime Streaming uses the "application/x-rtsp-tunnelled" MIME
type in both the Content-Type and Accept headers. This reflects
the data type that is expected and delivered by the client and server.
https://bugzilla.gnome.org/show_bug.cgi?id=793110
Properly handle protocol version in the connection
Add the following headers types:
* Pipelined-Request
* Media-Properties
* Seek-Style
* Accept-Ranges
https://bugzilla.gnome.org/show_bug.cgi?id=781446
Match the section 5.1.2 of the HTTP/1.0 spec by using relative URIs unless we
are using a proxy server. Also, send Host header for compatibility with
HTTP/1.1 and some HTTP/1.0 servers.
https://bugzilla.gnome.org/show_bug.cgi?id=758922
gst_rtsp_connection_connect_with_response accepts a response pointer
which it fills with the response from setup_tunneling if the
connection is configured to be tunneled. The motivation for this is to
allow the caller to inspect the response header to determine if
additional authentication is required so that the connection can be
retried with the appropriate authentication headers.
The function prototype of gst_rtsp_connection_connect has been
preserved for compatibility with existing code and wraps
gst_rtsp_connection_connect_with_response.
https://bugzilla.gnome.org/show_bug.cgi?id=749596
From the API documentation: "Note that it is generally not
a good idea to reuse an existing cancellable for more
operations after it has been cancelled once, as this
function might tempt you to do. The recommended practice
is to drop the reference to a cancellable after cancelling
it, and let it die with the outstanding async operations.
You should create a fresh cancellable for further async
operations."
https://bugzilla.gnome.org/show_bug.cgi?id=739132
The timeout parameter is only allowed in a session response header
but some clients, like Honeywell VMS applications, send it as part
of the session request header. Ignore everything from the semicolon
to the end of the line when parsing session id.
Fixes https://bugzilla.gnome.org/show_bug.cgi?id=736267
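
The session id handling described in the commit messages on this page (the 512-byte bound in the first entry, and ignoring everything from the semicolon onward in the entry just above), as an added C example that is not GStreamer's code. `parse_session_id` and `SESSION_ID_MAX` are hypothetical names, and rejecting an over-long id instead of truncating it is an assumption of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SESSION_ID_MAX 512  /* buffer size; the 512-byte limit named above */

/* Hypothetical helper (not GStreamer's code). Copies the session id out of a
 * Session header value, ending it at ';' (parameters such as timeout) or at
 * end of line. Returns the id length, or -1 if it is empty or does not fit. */
int
parse_session_id (const char *value, char *dst, size_t dst_size)
{
  size_t len;

  if (value == NULL || dst == NULL || dst_size == 0)
    return -1;
  dst[0] = '\0';

  while (*value == ' ' || *value == '\t')   /* skip leading whitespace */
    value++;

  len = strcspn (value, ";\r\n");           /* id stops at ';' or EOL */
  while (len > 0 && (value[len - 1] == ' ' || value[len - 1] == '\t'))
    len--;                                  /* trim before the ';' */

  /* The limit comes from the destination size alone; a ';' in the input
   * only shortens the id and can never raise the bound. */
  if (len == 0 || len >= dst_size || len >= SESSION_ID_MAX)
    return -1;

  memcpy (dst, value, len);
  dst[len] = '\0';
  return (int) len;
}

int
main (void)
{
  char id[SESSION_ID_MAX];
  char big[700];

  /* Constructed inputs: a request-style header with timeout, and an
   * over-long id followed by a semicolon. */
  printf ("%d\n", parse_session_id ("12345678;timeout=60", id, sizeof id));
  memset (big, 'A', 600);
  strcpy (big + 600, ";timeout=60");
  printf ("%d\n", parse_session_id (big, id, sizeof id));
  return 0;
}
```
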
Fixes a crash when controlsrc, readsrc or writesrc are modified from
gst_rtsp_source_dispatch_read/write and gst_rtsp_watch_reset at the
same time.
https://bugzilla.gnome.org/show_bug.cgi?id=735569
Add a read source on write socket when lost tunnel.
To be able to detect when client closes get channel.
This is already done in gst_rtsp_source_dispatch_write but
only when the queue is empty.
Fixes https://bugzilla.gnome.org/show_bug.cgi?id=730368
By re-using the uri argument for storing local data, we could end up in
a situation where we would free uri ... which would actually be the
string passed in argument.
Instead explicitly use a local variable. Fixes double-free issues.
CID #1212176
They are very confusing for people, and more often than not
also just not very accurate. Seeing 'last reviewed: 2005' in
your docs is not very confidence-inspiring. Let's just remove
those comments.
* Only check for conditions we are interested in.
* Makes no sense to specify G_IO_ERR and G_IO_HUP in condition, they
will always be reported if they are true.
* Do not create timed source if timeout is NULL.
* Correctly wait for sources to be dispatched, context_iteration() is
not guaranteed to always block even if set to do so.
Fixes https://bugzilla.gnome.org/show_bug.cgi?id=726641