Merge remote-tracking branch 'qatar/master'

[ffmpeg] / libavformat / httpauth.c

diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c
index 86cdac7f07251cb3de542ad602742cca6cf4b2b3..646f909a0dbf54d7a1b659cd9efda0e36a2b1f58 100644 (file)
--- a/libavformat/httpauth.c
+++ b/libavformat/httpauth.c
@@ -25,6 +25,7 @@
 #include "internal.h"
 #include "libavutil/random_seed.h"
 #include "libavutil/md5.h"
+#include "urldecode.h"
 #include "avformat.h"
 #include <ctype.h>
 
@@ -251,18 +252,28 @@ char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth,
         return NULL;
 
     if (state->auth_type == HTTP_AUTH_BASIC) {
-        int auth_b64_len = AV_BASE64_SIZE(strlen(auth));
-        int len = auth_b64_len + 30;
-        char *ptr;
+        int auth_b64_len, len;
+        char *ptr, *decoded_auth = ff_urldecode(auth);
+
+        if (!decoded_auth)
+            return NULL;
+
+        auth_b64_len = AV_BASE64_SIZE(strlen(decoded_auth));
+        len = auth_b64_len + 30;
+
         authstr = av_malloc(len);
-        if (!authstr)
+        if (!authstr) {
+            av_free(decoded_auth);
             return NULL;
+        }
+
         snprintf(authstr, len, "Authorization: Basic ");
         ptr = authstr + strlen(authstr);
-        av_base64_encode(ptr, auth_b64_len, auth, strlen(auth));
+        av_base64_encode(ptr, auth_b64_len, decoded_auth, strlen(decoded_auth));
         av_strlcat(ptr, "\r\n", len - (ptr - authstr));
+        av_free(decoded_auth);
     } else if (state->auth_type == HTTP_AUTH_DIGEST) {
-        char *username = av_strdup(auth), *password;
+        char *username = ff_urldecode(auth), *password;
 
         if (!username)
             return NULL;