In http_open_cnx, the patch restores the AVDictionary if connection needs to be re-tried
because of a authentication/redirect status code.
Previously, if a 401/407/30x status code was encountered, http_open_cnx would restart at the redo label, but any options
used by the underlying protocol would be missing because they were removed by the first attempt.
Signed-off-by: Brandon Lees <brandon@n-hega.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Previously, AVERROR(EIO) was returned on failure of
http_open_cnx_internal(). Now the value is passed to upper level, thus
it is possible to distinguish ECONNREFUSED, ETIMEDOUT, ENETUNREACH etc.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
int ff_http_averror(int status_code, int default_averror)
This helper function returns AVERROR_ value from 3-digit HTTP status
code.
Second argument, default_averror, is used if no specific AVERROR_ is
available. It is introduced because in different places of code
different return codes are used - -1, AVERROR(EIO), AVERROR_INVALIDDATA.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The current code would use any unknown attribute-value pair
as the cookie value.
RFC 6265 states that the first key-value pair is the actual
cookie, and the attribute-value pairs only start after.
With the current code:
Set-Cookie: test=good_value; path=/; dummy=42
gives this:
Cookie: dummy=42
instead of this with the new code:
Cookie: test=good_value
The cur_*auth_type variables were set before the http_connect call
prior to 6a463e7fb - their sole purpose is to record the
authentication type used to do the latest request, since parsing
the http response sets the new type in the auth state.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
Previously this logic was only used if the server didn't
respond with Connection: close, but use it even for that case,
if the server response is non-chunked.
Originally the http code has relied on Connection: close to close
the socket when the file/stream is received - the http protocol
code just kept reading from the socket until the socket was closed.
In f240ed18 we added a check for the file size, because some
http servers didn't respond with Connection: close (and wouldn't
close the socket) even though we requested it, which meant that the
http protocol blocked for a long time at the end of files, waiting
for a socket level timeout.
When reading over tls, trying to read at the end of the connection,
when the peer has closed the connection, can produce spurious (but
harmless) warnings. Therefore always voluntarily stop reading when
the specified file size has been received, if not using a chunked
transfer encoding. (For chunked transfers, we already return 0
as soon as we get the chunk header indicating end of stream.)
Signed-off-by: Martin Storsjö <martin@martin.st>
Split return value handling from the actual opening.
Incidentally fixes the https -> http redirect issue reported by
Compn on behalf of rcombs.
CC: libav-stable@libav.org
The authstr memory allocations make it annoying to error in the middle
of the header setup code, so apply the usual C error handling idiom to
make it easier to error at any point.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If a domain has some cookies set, but matching the cookie fails due to
the port being different, get_cookies() succeeds, but sets cookies to
NULL. The caller of get_cookies() didn't check for the NULL value.
This also avoids passing NULL to libc string functions, which is
undefined behavior
Fixes Ticket2180
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The icy_metadata_headers string never gets initialized, so,
during the first call to av_strlcatf() in parse_icy(),
strlen() will be called on a pointer to uninitialized memory.
At best this causes some garbage data to be left at the
start of the string.
By initializing icy_metadata_headers to the empty string, the
first call to strlen() will always return 0, so that data is
appended from the start of the string.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Export the metadata as a icy_metadata_packet avoption.
Based on the work of wm4 and Alessandro Ghedini.
Bug-Id: https://bugs.debian.org/739936
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Some http servers send an ICY stream in combination with chunked
transfer encoding. This case was handled incorrectly by the ICY code:
instead of handling chunked encoding before anything ICY related, both
were mixed.
Fix this by separating the ICY code from normal http reading. Move the
normal http reading to a new function http_read_stream(), while
http_read() handles ICY on top of http_read_stream().
The server identified itself as: cloudflare-nginx
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Add AVOptions for setting the initial offset and the ending offset, so
they can be used for setting an appropriate Range header.
Signed-off-by: Anssi Hannula <anssi.hannula@iki.fi>
These streams are reported as seekable, but all tests show they are not,
and the server merely pretends the streams are seekable. The server
responds with:
content-range: bytes 0-1999999999/2000000000
Range requests seem to be correctly answered, but the actual data
returned at the same offset is different. Assume this is a bug in the
server software. The server identifies itself as:
Server: MediaGateway 3.5.2-001
Add a hack that checks the server name, and disables seeking in this
case.
Test URL: http://8283.live.streamtheworld.com:80/CBC_R1_VCR_H_SC
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This makes sure we don't send the Except: 100-continue header
if no authentication credentials have been provided.
Signed-off-by: Martin Storsjö <martin@martin.st>
It appears this bug originates from a "work in progress" patch from
ffmpeg-devel that was heavily redesigned by and integrated in libav
And that patch even had a reply and review on the mailing list pointing
out that it had a bug.
This fixes a deadlock with ffserver
See: [FFmpeg-devel] [PATCH] Fix HTTP authentication problem for POST actions.
[FFmpeg-devel] [PATCH 1/3] Introduce auth_phase flag, which will be true if authorization needs to be sent, but the type of authorization is not known yet Partial fix#3036
[FFmpeg-devel] [PATCH 2/3] Only add Transfer-Encoding header when not in authorization phase, because server will wait (indefinitely) for data when receiving this header Partial fix#3036
[FFmpeg-devel] [PATCH 3/3] Only allow posting data and/or forcing a 200 code, enabling posting isml chunks, -after- we did a possible first request to get a 403 from the server telling us which type of authentication to apply Final part fix#3036
See: 71549a857b
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>