Fix RTSP WWW-Authenticate header parsing.

Issue: #9428 #minor-release PiperOrigin-RevId: 397064086
2026-03-26 09:35:47 +00:00 · 2021-09-16 14:12:19 +01:00 · 2021-09-16 14:12:19 +01:00 · 2f0aae0d5f
commit 2f0aae0d5f
parent 78fc27a1c6
3 changed files with 11 additions and 9 deletions
--- a/RELEASENOTES.md
+++ b/RELEASENOTES.md
@ -103,6 +103,8 @@
        ([#9346](https://github.com/google/ExoPlayer/issues/9346)).
    *   Fix RTSP Session header handling
        ([#9416](https://github.com/google/ExoPlayer/issues/9416)).
+    *   Fix RTSP WWW-Authenticate header parsing
+        ([#9428](https://github.com/google/ExoPlayer/issues/9428)).
 *   Extractors:
    *   ID3: Fix issue decoding ID3 tags containing UTF-16 encoded strings
        ([#9087](https://github.com/google/ExoPlayer/issues/9087)).
--- a/library/rtsp/src/main/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtil.java
+++ b/library/rtsp/src/main/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtil.java
@ -99,13 +99,13 @@ import java.util.regex.Pattern;
  // WWW-Authenticate header pattern, see RFC2068 Sections 14.46 and RFC2069.
  private static final Pattern WWW_AUTHENTICATION_HEADER_DIGEST_PATTERN =
      Pattern.compile(
-          "Digest realm=\"([\\w\\s@.]+)\""
-              + ",\\s?(?:domain=\"(.+)\",\\s?)?"
-              + "nonce=\"(\\w+)\""
-              + "(?:,\\s?opaque=\"(\\w+)\")?");
+          "Digest realm=\"([^\"\\x00-\\x08\\x0A-\\x1f\\x7f]+)\""
+              + ",\\s?(?:domain=\"(.+)\""
+              + ",\\s?)?nonce=\"([^\"\\x00-\\x08\\x0A-\\x1f\\x7f]+)\""
+              + "(?:,\\s?opaque=\"([^\"\\x00-\\x08\\x0A-\\x1f\\x7f]+)\")?");
  // WWW-Authenticate header pattern, see RFC2068 Section 11.1 and RFC2069.
  private static final Pattern WWW_AUTHENTICATION_HEADER_BASIC_PATTERN =
-      Pattern.compile("Basic realm=\"([\\w\\s@.]+)\"");
+      Pattern.compile("Basic realm=\"([^\"\\x00-\\x08\\x0A-\\x1f\\x7f]+)\"");

  private static final String RTSP_VERSION = "RTSP/1.0";
  private static final String LF = new String(new byte[] {Ascii.LF});
--- a/library/rtsp/src/test/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtilTest.java
+++ b/library/rtsp/src/test/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtilTest.java
@ -499,10 +499,10 @@ public final class RtspMessageUtilTest {
  @Test
  public void parseWWWAuthenticateHeader_withBasicAuthentication_succeeds() throws Exception {
    RtspAuthenticationInfo authenticationInfo =
-        RtspMessageUtil.parseWwwAuthenticateHeader("Basic realm=\"WallyWorld\"");
+        RtspMessageUtil.parseWwwAuthenticateHeader("Basic realm=\"Wally - World\"");
    assertThat(authenticationInfo.authenticationMechanism).isEqualTo(RtspAuthenticationInfo.BASIC);
    assertThat(authenticationInfo.nonce).isEmpty();
-    assertThat(authenticationInfo.realm).isEqualTo("WallyWorld");
+    assertThat(authenticationInfo.realm).isEqualTo("Wally - World");
  }

  @Test
@ -510,13 +510,13 @@ public final class RtspMessageUtilTest {
      throws Exception {
    RtspAuthenticationInfo authenticationInfo =
        RtspMessageUtil.parseWwwAuthenticateHeader(
-            "Digest realm=\"testrealm@host.com\", domain=\"host.com\","
+            "Digest realm=\"test-realm@host.com\", domain=\"host.com\","
                + " nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", "
                + " opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"");

    assertThat(authenticationInfo.authenticationMechanism).isEqualTo(RtspAuthenticationInfo.DIGEST);
    assertThat(authenticationInfo.nonce).isEqualTo("dcd98b7102dd2f0e8b11d0f600bfb0c093");
-    assertThat(authenticationInfo.realm).isEqualTo("testrealm@host.com");
+    assertThat(authenticationInfo.realm).isEqualTo("test-realm@host.com");
    assertThat(authenticationInfo.opaque).isEmpty();
  }