Fix RTSP WWW-Authenticate header parsing.

Issue: #9428 #minor-release PiperOrigin-RevId: 397064086
google · Sep 16, 2021 · 2f0aae0 · 2f0aae0
1 parent 78fc27a
commit 2f0aae0
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 9 deletions.
diff --git a/RELEASENOTES.md b/RELEASENOTES.md
@@ -103,6 +103,8 @@
         ([#9346](https://github.com/google/ExoPlayer/issues/9346)).
     *   Fix RTSP Session header handling
         ([#9416](https://github.com/google/ExoPlayer/issues/9416)).
+    *   Fix RTSP WWW-Authenticate header parsing
+        ([#9428](https://github.com/google/ExoPlayer/issues/9428)).
 *   Extractors:
     *   ID3: Fix issue decoding ID3 tags containing UTF-16 encoded strings
         ([#9087](https://github.com/google/ExoPlayer/issues/9087)).

diff --git a/library/rtsp/src/main/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtil.java b/library/rtsp/src/main/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtil.java
@@ -99,13 +99,13 @@ public RtspAuthUserInfo(String username, String password) {
   // WWW-Authenticate header pattern, see RFC2068 Sections 14.46 and RFC2069.
   private static final Pattern WWW_AUTHENTICATION_HEADER_DIGEST_PATTERN =
       Pattern.compile(
-          "Digest realm=\"([\\w\\s@.]+)\""
-              + ",\\s?(?:domain=\"(.+)\",\\s?)?"
-              + "nonce=\"(\\w+)\""
-              + "(?:,\\s?opaque=\"(\\w+)\")?");
+          "Digest realm=\"([^\"\\x00-\\x08\\x0A-\\x1f\\x7f]+)\""
+              + ",\\s?(?:domain=\"(.+)\""
+              + ",\\s?)?nonce=\"([^\"\\x00-\\x08\\x0A-\\x1f\\x7f]+)\""
+              + "(?:,\\s?opaque=\"([^\"\\x00-\\x08\\x0A-\\x1f\\x7f]+)\")?");
   // WWW-Authenticate header pattern, see RFC2068 Section 11.1 and RFC2069.
   private static final Pattern WWW_AUTHENTICATION_HEADER_BASIC_PATTERN =
-      Pattern.compile("Basic realm=\"([\\w\\s@.]+)\"");
+      Pattern.compile("Basic realm=\"([^\"\\x00-\\x08\\x0A-\\x1f\\x7f]+)\"");
 
   private static final String RTSP_VERSION = "RTSP/1.0";
   private static final String LF = new String(new byte[] {Ascii.LF});

diff --git a/...ary/rtsp/src/test/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtilTest.java b/...ary/rtsp/src/test/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtilTest.java
@@ -499,24 +499,24 @@ public void extractUserInfo_withProperlyFormattedUri_succeeds() {
   @Test
   public void parseWWWAuthenticateHeader_withBasicAuthentication_succeeds() throws Exception {
     RtspAuthenticationInfo authenticationInfo =
-        RtspMessageUtil.parseWwwAuthenticateHeader("Basic realm=\"WallyWorld\"");
+        RtspMessageUtil.parseWwwAuthenticateHeader("Basic realm=\"Wally - World\"");
     assertThat(authenticationInfo.authenticationMechanism).isEqualTo(RtspAuthenticationInfo.BASIC);
     assertThat(authenticationInfo.nonce).isEmpty();
-    assertThat(authenticationInfo.realm).isEqualTo("WallyWorld");
+    assertThat(authenticationInfo.realm).isEqualTo("Wally - World");
   }
 
   @Test
   public void parseWWWAuthenticateHeader_withDigestAuthenticationWithDomain_succeeds()
       throws Exception {
     RtspAuthenticationInfo authenticationInfo =
         RtspMessageUtil.parseWwwAuthenticateHeader(
-            "Digest realm=\"testrealm@host.com\", domain=\"host.com\","
+            "Digest realm=\"test-realm@host.com\", domain=\"host.com\","
                 + " nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", "
                 + " opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"");
 
     assertThat(authenticationInfo.authenticationMechanism).isEqualTo(RtspAuthenticationInfo.DIGEST);
     assertThat(authenticationInfo.nonce).isEqualTo("dcd98b7102dd2f0e8b11d0f600bfb0c093");
-    assertThat(authenticationInfo.realm).isEqualTo("testrealm@host.com");
+    assertThat(authenticationInfo.realm).isEqualTo("test-realm@host.com");
     assertThat(authenticationInfo.opaque).isEmpty();
   }