[Live-devel] RTSP server extending

Igor Bukanov igor at mir2.org
Tue Apr 24 07:34:44 PDT 2007


On 24/04/07, Gustaf Räntilä <opera at kth.se> wrote:
> Igor Bukanov wrote:
> > The question: is client supposed to call DESCRIBE before calling any
> > other commands within the same TCP session? If so the authentication
> > bug is that the RTSPServer.cpp does not check for that.
> >
> What? I just wrote, that it's not enough to trust that clients won't
> send PLAY after an "unauthorized" DESCRIBE. That's why I fixed it in the
> patch also. And obviously some clients _don't_ give a wuzz about
> DESCRIBE at all, so putting any trust in that is nuts. In my patch, the
> authorization function (with my session callback, or with the current
> user/pass class) is called from the other (critical) command functions.

Right, one really needs to check for allowed ip address before
starting a session as your patch is doing. The only problem with the
patch is that incomingConnectionHandler1 needs to close the
clientSocket when sessionAccept fails.

Regards, Igor




> >> Comment 2:
> >> It is very difficult to follow the development of liveMedia and
> >> cooperate by sending patches when there is no source code repository to
> >> regularly update. Manually diffing the tar.gz tree is cumbersome.
> >>
> >
> > This is where quilt comes extremely handy,
> > http://savannah.nongnu.org/projects/quilt . It allows to track tar
> > with the same ease as one would use CVS/SVN etc.
> >
> >
> I will look into that, thanks for the hint!
>
> Gustaf
> _______________________________________________
> live-devel mailing list
> live-devel at lists.live555.com
> http://lists.live555.com/mailman/listinfo/live-devel
>


More information about the live-devel mailing list