The branch, master has been updated via f3e3e6b507ac0df89a11764abd15cc9535593735 (commit) via 9d6dc72d7c43554dbe8cdb02f450807230df8c25 (commit) via 1f6c6434d6794b3ba14540a141bab358eba48b13 (commit) from e42b5d0926b1a668d7fbd794a70f31040c5f198d (commit) - Log ----------------------------------------------------------------- commit f3e3e6b507ac0df89a11764abd15cc9535593735 Author: Björn Axelsson <bjorn.axelsson@intinor.se> AuthorDate: Tue Oct 30 19:31:01 2012 +0200 Commit: Howard Chu <hyc@highlandsun.com> CommitDate: Tue Oct 30 11:30:26 2012 -0700 Look for a fourth slash when splitting the url into app+playpath diff --git a/librtmp/parseurl.c b/librtmp/parseurl.c index 0183958..646c70c 100644 --- a/librtmp/parseurl.c +++ b/librtmp/parseurl.c @@ -137,12 +137,14 @@ parsehost: * application = app[/appinstance] */ - char *slash2, *slash3 = NULL; + char *slash2, *slash3 = NULL, *slash4 = NULL; int applen, appnamelen; slash2 = strchr(p, '/'); if(slash2) slash3 = strchr(slash2+1, '/'); + if(slash3) + slash4 = strchr(slash3+1, '/'); applen = end-p; /* ondemand, pass all parameters as app */ appnamelen = applen; /* ondemand length */ @@ -156,7 +158,9 @@ parsehost: appnamelen = 8; } else { /* app!=ondemand, so app is app[/appinstance] */ - if(slash3) + if(slash4) + appnamelen = slash4-p; + else if(slash3) appnamelen = slash3-p; else if(slash2) appnamelen = slash2-p; commit 9d6dc72d7c43554dbe8cdb02f450807230df8c25 Author: Martin Storsjo <martin@martin.st> AuthorDate: Tue Oct 30 19:22:16 2012 +0200 Commit: Howard Chu <hyc@highlandsun.com> CommitDate: Tue Oct 30 11:30:26 2012 -0700 Simplify initializing the TLS server context This does the same thing, but I wasn't aware of these functions when I initially wrote this. diff --git a/librtmp/rtmp.c b/librtmp/rtmp.c index 4858e24..d72f105 100644 --- a/librtmp/rtmp.c +++ b/librtmp/rtmp.c @@ -280,32 +280,14 @@ RTMP_TLS_AllocServerContext(const char* cert, const char* key) } #elif !defined(NO_SSL) /* USE_OPENSSL */ ctx = SSL_CTX_new(SSLv23_server_method()); - FILE *f = fopen(key, "r"); - if (!f) { + if (!SSL_CTX_use_certificate_chain_file(ctx, cert)) { SSL_CTX_free(ctx); return NULL; } - EVP_PKEY *k = PEM_read_PrivateKey(f, NULL, NULL, NULL); - fclose(f); - if (!k) { + if (!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM)) { SSL_CTX_free(ctx); return NULL; } - SSL_CTX_use_PrivateKey(ctx, k); - EVP_PKEY_free(k); - f = fopen(cert, "r"); - if (!f) { - SSL_CTX_free(ctx); - return NULL; - } - X509 *c = PEM_read_X509(f, NULL, NULL, NULL); - fclose(f); - if (!c) { - SSL_CTX_free(ctx); - return NULL; - } - SSL_CTX_use_certificate(ctx, c); - X509_free(c); #endif #endif return ctx; commit 1f6c6434d6794b3ba14540a141bab358eba48b13 Author: Howard Chu <hyc@highlandsun.com> AuthorDate: Tue Oct 30 11:30:07 2012 -0700 Commit: Howard Chu <hyc@highlandsun.com> CommitDate: Tue Oct 30 11:30:26 2012 -0700 More authentication cleanup diff --git a/librtmp/rtmp.c b/librtmp/rtmp.c index 6d04708..4858e24 100644 --- a/librtmp/rtmp.c +++ b/librtmp/rtmp.c @@ -2512,15 +2512,14 @@ typedef struct md5_ctx MD5_CTX static const AVal av_authmod_adobe = AVC("authmod=adobe"); static const AVal av_authmod_llnw = AVC("authmod=llnw"); -static char *hexenc(unsigned char *inbuf, int len) +static void hexenc(unsigned char *inbuf, int len, char *dst) { - char *dst = malloc(len * 2 + 1), *ptr = dst; + char *ptr = dst; while(len--) { sprintf(ptr, "%02x", *inbuf++); ptr += 2; } *ptr = '\0'; - return dst; } static int @@ -2723,7 +2722,7 @@ PublisherAuth(RTMP *r, AVal *description) { char *orig_ptr; char *par, *val = NULL; - char *hash1, *hash2, *hash3; + char hash1[HEXHASH_LEN+1], hash2[HEXHASH_LEN+1], hash3[HEXHASH_LEN+1]; AVal user, nonce, *aptr = NULL; AVal apptmp; @@ -2790,7 +2789,7 @@ PublisherAuth(RTMP *r, AVal *description) RTMP_Log(RTMP_LOGDEBUG, "%s, md5(%s:%s:%s) =>", __FUNCTION__, user.av_val, realm, r->Link.pubPasswd.av_val); RTMP_LogHexString(RTMP_LOGDEBUG, md5sum_val, MD5_DIGEST_LENGTH); - hash1 = hexenc(md5sum_val, MD5_DIGEST_LENGTH); + hexenc(md5sum_val, MD5_DIGEST_LENGTH, hash1); /* hash2 = hexenc(md5(method + ":/" + app + "/" + appInstance)) */ /* Extract appname + appinstance without query parameters */ @@ -2807,7 +2806,7 @@ PublisherAuth(RTMP *r, AVal *description) RTMP_Log(RTMP_LOGDEBUG, "%s, md5(%s:/%.*s) =>", __FUNCTION__, method, apptmp.av_len, apptmp.av_val); RTMP_LogHexString(RTMP_LOGDEBUG, md5sum_val, MD5_DIGEST_LENGTH); - hash2 = hexenc(md5sum_val, MD5_DIGEST_LENGTH); + hexenc(md5sum_val, MD5_DIGEST_LENGTH, hash2); /* hash3 = hexenc(md5(hash1 + ":" + nonce + ":" + nchex + ":" + cnonce + ":" + qop + ":" + hash2)) */ MD5_Init(&md5ctx); @@ -2826,7 +2825,7 @@ PublisherAuth(RTMP *r, AVal *description) RTMP_Log(RTMP_LOGDEBUG, "%s, md5(%s:%s:%s:%s:%s:%s) =>", __FUNCTION__, hash1, nonce.av_val, nchex, cnonce, qop, hash2); RTMP_LogHexString(RTMP_LOGDEBUG, md5sum_val, MD5_DIGEST_LENGTH); - hash3 = hexenc(md5sum_val, MD5_DIGEST_LENGTH); + hexenc(md5sum_val, MD5_DIGEST_LENGTH, hash3); /* pubToken = &authmod=<authmod>&user=<username>&nonce=<nonce>&cnonce=<cnonce>&nc=<nchex>&response=<hash3> */ /* Append nonces and response to query string which already contains @@ -2839,9 +2838,6 @@ PublisherAuth(RTMP *r, AVal *description) RTMP_Log(RTMP_LOGDEBUG, "%s, pubToken2: %s", __FUNCTION__, pubToken.av_val); r->Link.pFlags |= RTMP_PUB_RESP|RTMP_PUB_CLATE; - free(hash1); - free(hash2); - free(hash3); free(orig_ptr); } else if(strstr(description->av_val, "?reason=authfail") != NULL) ----------------------------------------------------------------------- Summary of changes: librtmp/parseurl.c | 8 ++++++-- librtmp/rtmp.c | 38 ++++++++------------------------------ 2 files changed, 14 insertions(+), 32 deletions(-) hooks/post-receive --