[Common-dev] Re: CR-Client Fix for PR 146720 [fails to play secure content]
Greg Wright gwright at real.com
Anil Jaiswal wrote:
> Hi Greg,
>
> Please find the new cvs diff below.
>
> Index: rn5auth.cpp
> ===================================================================
> RCS file: /cvsroot/common/auth/rn5auth/rn5auth.cpp,v
> retrieving revision 1.2.6.2
> diff -u -r1.2.6.2 rn5auth.cpp
> --- rn5auth.cpp 9 Jun 2005 00:49:54 -0000 1.2.6.2
> +++ rn5auth.cpp 29 Aug 2005 22:26:45 -0000
> @@ -876,7 +876,6 @@
>
> if (strncasecmp(pszChallenge, "RN5", 3) == 0)
> {
> - HX_RELEASE(pChallengeBuf);
Again, where is this going to be released?
> return _HeaderToCredentials(pChallengeBuf, ppCredentials);
> }
> }
> @@ -896,9 +895,21 @@
> IHXValues** ppCredentials
> )
> {
> - char* sChallenge = (char*) pHeader->GetBuffer();
> + HX_ASSERT(pHeader);
> + HX_RESULT retVal = HXR_FAIL;
>
> - if(strncasecmp(sChallenge, "RN5", 3) == 0)
> + char* sChallenge = NULL;
> +
> + if (pHeader)
> + {
> + sChallenge = (char*) pHeader->GetBuffer();
> + if (sChallenge)
> + {
> + retVal = HXR_OK;
> + }
> + }
> +
> + if(SUCCEEDED(retVal) && strncasecmp(sChallenge, "RN5", 3) == 0)
> {
> (*ppCredentials) = new CHXHeader;
> (*ppCredentials)->AddRef();
> @@ -924,10 +935,9 @@
> sChallenge += 3;
>
> _GetQuotedFields(sChallenge, *ppCredentials);
> - return HXR_OK;
> + retVal = HXR_OK;
> }
> -
> - return HXR_FAIL;
> + return retVal ;
> }
>
> HX_RESULT STDAPICALLTYPE CRN5Authenticator::HXCreateInstance
> Index: rn5auth.def
> ===================================================================
> RCS file: /cvsroot/common/auth/rn5auth/rn5auth.def,v
>
> Thanks and regards,
> ~Anil
>
> At 01:43 PM 8/29/2005, Greg Wright wrote:
>
>> Thanks for pointing out the new changes below, however, could you
>> please send the complete new diff? I have a bit easier time if
>> I can match up the code with the complete diff (it can answer
>> other questions that come up when I am CR'ing it).
>>
>> Thanks,
>> --greg.
>>
>>
>> Anil Jaiswal wrote:
>>
>>> Hi Greg,
>>> I have done the following changes in _HeaderToCredentials().
>>> Here is the new version of _HeaderToCredentials() which basically
>>> check for NULL for pHeader and
>>> also consolidate return statements to one place.
>>> HX_RESULT
>>> CRN5Authenticator::_HeaderToCredentials( IHXBuffer* pHeader,
>>> IHXValues** ppCredentials)
>>> {
>>> + HX_ASSERT(pHeader);
>>> + HX_RESULT retVal = HXR_FAIL;
>>> - char* sChallenge = (char*) pHeader->GetBuffer();
>>> + char* sChallenge = NULL;
>>> + if (pHeader)
>>> + {
>>> + sChallenge = (char*) pHeader->GetBuffer();
>>> + if (sChallenge)
>>> + {
>>> + retVal = HXR_OK;
>>> + }
>>> + }
>>> +
>>> - if(strncasecmp(sChallenge, "RN5", 3) == 0)
>>> + if(SUCCEEDED(retVal) && strncasecmp(sChallenge, "RN5", 3) == 0)
>>> {
>>> (*ppCredentials) = new CHXHeader;
>>> (*ppCredentials)->AddRef();
>>> IHXBuffer* pCipheredGUID = NULL;
>>> char* sGUID = NULL;
>>> if (m_pPreferencesCore &&
>>> m_pPreferencesCore->ReadPref(CLIENT_GUID_REGNAME,
>>> pCipheredGUID) == HXR_OK)
>>> {
>>> sGUID = DeCipher((char*)pCipheredGUID->GetBuffer());
>>> _SetPropertyFromCharArray(*ppCredentials, "GUID", sGUID);
>>> }
>>> else
>>> {
>>> _SetPropertyFromCharArray(*ppCredentials, "GUID",
>>> "GUIDLESS_CLIENT");
>>> }
>>> HX_RELEASE(pCipheredGUID);
>>> HX_VECTOR_DELETE(sGUID);
>>> sChallenge += 3;
>>> _GetQuotedFields(sChallenge, *ppCredentials);
>>> - return HXR_OK;
>>> + retVal = HXR_OK;
>>> }
>>> - return HXR_FAIL;
>>> + return retVal ;
>>> }
>>> Also pChallengeBuf is released in _ChallengeToCredentials() and
>>> pChallengeHeaders released in CRN5Authenticator::MakeResponse()
>>> [See below]
>>> HX_RESULT CRN5Authenticator::_ChallengeToCredentials(IHXValues*
>>> pChallengeHeaders, IHXValues** ppCredentials)
>>> {
>>> IHXBuffer* pChallengeBuf = NULL;
>>> const char* pPropertyName;
>>> HX_RESULT res =
>>> pChallengeHeaders->GetFirstPropertyCString(pPropertyName,
>>> pChallengeBuf);
>>> ...
>>> if (bIsAuthenticationHeader && pChallengeBuf)
>>> {
>>> const char* pszChallenge = (const
>>> char*)pChallengeBuf->GetBuffer();
>>> if (strncasecmp(pszChallenge, "RN5", 3) == 0)
>>> {
>>> - HX_RELEASE(pChallengeBuf);
>>> return _HeaderToCredentials(pChallengeBuf,
>>> ppCredentials);
>>> }
>>> }
>>> HX_RELEASE(pChallengeBuf);
>>> ^
>>> ...
>>> }
>>> CRN5Authenticator::MakeResponse( IHXClientAuthResponse*
>>> pClientRespondee, IHXRequest* pClientRequest)
>>> {
>>> ...
>>> cleanup:
>>> HX_RELEASE(pChallengeHeaders);
>>> ^
>>> }
>>> Thanks and regards,
>>> ~Anil Jaiswal
>>>
>>> At 10:22 AM 8/29/2005, Greg Wright wrote:
>>>
>>>> Anil Jaiswal wrote:
>>>>
>>>>> Modified by: ajaiswal at real.com
>>>>> Reviewed by:
>>>>> Date: 08-25-2005
>>>>> Project:
>>>>> HEAD, 150Cay
>>>>> Synopsis:
>>>>> RealPlayer fails to play secure content. Presentation does not
>>>>> stream and client is also not displaying any error message.
>>>>>
>>>>> Fix:
>>>>> For accessing secure media presentations from RTSP servers client
>>>>> require authentication for accessing the resource. Here the client
>>>>> was able be able to recognize rtsp-server generated 401 status code
>>>>> but was failing to parse
>>>>> and include the WWW-Authenticate header as the header containing
>>>>> challenge
>>>>> buffer released before it is parsed.
>>>>> This change fixes
>>>>> access violation and client now prompts for authentication
>>>>> information from user and streams the presentation.
>>>>>
>>>>> Files Modified:
>>>>> common/auth/rn5auth/rn5auth.cpp
>>>>> Image Size and Heap Use impact:
>>>>> none
>>>>> Platforms and Profiles Affected:
>>>>> all platforms, all profiles
>>>>> Platforms and Profiles Build Verified:
>>>>> Windows
>>>>> helix-client-all-defines.pf
>>>>> Platforms and Profiles Functionality verified:
>>>>> RealPlayer installed from hotrod build on Windows
>>>>> helix-client-all-defines.pf
>>>>> cvs diff :
>>>>> ? vc60.idb
>>>>> cvs diff: Diffing .
>>>>> Index: rn5auth.cpp
>>>>> ===================================================================
>>>>> RCS file: /cvsroot/common/auth/rn5auth/rn5auth.cpp,v
>>>>> retrieving revision 1.2.6.2
>>>>> diff -u -w -r1.2.6.2 rn5auth.cpp
>>>>> --- rn5auth.cpp 9 Jun 2005 00:49:54 -0000 1.2.6.2
>>>>> +++ rn5auth.cpp 25 Aug 2005 19:40:19 -0000
>>>>> @@ -876,7 +876,6 @@
>>>>> if (strncasecmp(pszChallenge, "RN5", 3) == 0)
>>>>> {
>>>>> - HX_RELEASE(pChallengeBuf);
>>>>> return _HeaderToCredentials(pChallengeBuf,
>>>>> ppCredentials);
>>>>
>>>>
>>>>
>>>> Does this get released somewhere else then?
>>>>
>>>>> }
>>>>> }
>>>>> @@ -896,6 +895,7 @@
>>>>> IHXValues** ppCredentials
>>>>> )
>>>>> {
>>>>> + HX_ASSERT(pHeader);
>>>>> char* sChallenge = (char*) pHeader->GetBuffer();
>>>>
>>>>
>>>>
>>>> If it is possible that pHeader could be NULL, then you must test
>>>> for NULL in an if().
>>>>
>>>> --greg.
>>>>
>>>>> if(strncasecmp(sChallenge, "RN5", 3) == 0)
>>>>> Index: rn5auth.def
>>>>> ===================================================================
>>>>> RCS file: /cvsroot/common/auth/rn5auth/rn5auth.def,v
>>>>> retrieving revision 1.1
>>>>> diff -u -w -r1.1 rn5auth.def
>>>>> cvs diff: Diffing platform
>>>>> cvs diff: Diffing platform/mac
>>>
>>>
>
>