[rtmpdump] [PATCH] Publisher authentication

Steve McFarlin steve at stevemcfarlin.com
Wed Feb 2 21:49:43 CET 2011 

On Feb 2, 2011, at 12:03 PM, Steve McFarlin wrote:

> The attached adobe auth patch has an infinite recursion in it. I believe it is the one from Sergiy. 
> 
> Stack Trace:
> ..
> ...
> #743	0x0047a818 in RTMP_ConnectStream at rtmp.c:1047
> #744	0x0047c2c6 in HandleInvoke at rtmp.c:2765
> #745	0x0047ae92 in RTMP_ClientPacket at rtmp.c:1248
> #746	0x0047a818 in RTMP_ConnectStream at rtmp.c:1047
> #747	0x0047c2c6 in HandleInvoke at rtmp.c:2765
> #748	0x0047ae92 in RTMP_ClientPacket at rtmp.c:1248
> #749	0x0047a818 in RTMP_ConnectStream at rtmp.c:1047
> #750	0x0047c2c6 in HandleInvoke at rtmp.c:2765
> #751	0x0047ae92 in RTMP_ClientPacket at rtmp.c:1248
> #752	0x0047a818 in RTMP_ConnectStream at rtmp.c:1047
> 
> The above file offsets may be different then a auto patched librtmp. I had to manually patch.
> 
> This occurs when connecting to a Wowza Media Server using an invalid application for publishing. The server rejects the connection and then the following block in HandleInvoke initiates the infinite recursion. Specifically the call to RTMP_ConnectStream. I have not had a chance to fix this. If I patch the patch I will post it.
> 
> else if (AVMATCH(&method, &av_close))
>     {
>        RTMP_Log(RTMP_LOGERROR, "rtmp server requested close");
>        RTMP_Close(r);
> #ifdef CRYPTO
>        if ((r->Link.protocol & RTMP_FEATURE_WRITE) &&
>            !(r->Link.pFlags & RTMP_PUB_CLEAN) &&
>            (  !(r->Link.pFlags & RTMP_PUB_NAME) ||
>             !(r->Link.pFlags & RTMP_PUB_RESP) ||
>             (r->Link.pFlags & RTMP_PUB_CLATE) ) )
>         {
>            /* clean later */
>            if(r->Link.pFlags & RTMP_PUB_CLATE)
>                r->Link.pFlags |= RTMP_PUB_CLEAN;
>            RTMP_Log(RTMP_LOGERROR, "authenticating publisher");
> 
>            if (!RTMP_Connect(r, NULL) || !RTMP_ConnectStream(r, 0))
>                goto leave;
>         }
> #endif
>     }
> 

The quick and easy fix without understanding the implications is to just 'goto leave;' after the RTMP_Close(r) call. You could optionally remove the CRYPTO code all together. The issue is RTMP_Connect will return true as long as a connection can be made. And as mentioned above RTMP_ConnectStream will end up calling back into HandleInvoke.

Again, I did not mentally trace this code. I don't know the implications of my suggestion. All I know is that it works in the few tests I preformed.


steve

More information about the rtmpdump mailing list