From 2f0aae0d5fccb60dc366141408ac46dc5668516d Mon Sep 17 00:00:00 2001
From: claincly <claincly@google.com>
Date: Thu, 16 Sep 2021 14:12:19 +0100
Subject: [PATCH] Fix RTSP WWW-Authenticate header parsing.

Issue: #9428

#minor-release

PiperOrigin-RevId: 397064086
---
 RELEASENOTES.md                                        |  2 ++
 .../exoplayer2/source/rtsp/RtspMessageUtil.java        | 10 +++++-----
 .../exoplayer2/source/rtsp/RtspMessageUtilTest.java    |  8 ++++----
 3 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/RELEASENOTES.md b/RELEASENOTES.md
index 05f0ff7d52..d30bce256c 100644
--- a/RELEASENOTES.md
+++ b/RELEASENOTES.md
@@ -103,6 +103,8 @@
         ([#9346](https://github.com/google/ExoPlayer/issues/9346)).
     *   Fix RTSP Session header handling
         ([#9416](https://github.com/google/ExoPlayer/issues/9416)).
+    *   Fix RTSP WWW-Authenticate header parsing
+        ([#9428](https://github.com/google/ExoPlayer/issues/9428)).
 *   Extractors:
     *   ID3: Fix issue decoding ID3 tags containing UTF-16 encoded strings
         ([#9087](https://github.com/google/ExoPlayer/issues/9087)).
diff --git a/library/rtsp/src/main/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtil.java b/library/rtsp/src/main/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtil.java
index 4e8b7a08d0..8f46b43e74 100644
--- a/library/rtsp/src/main/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtil.java
+++ b/library/rtsp/src/main/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtil.java
@@ -99,13 +99,13 @@ import java.util.regex.Pattern;
   // WWW-Authenticate header pattern, see RFC2068 Sections 14.46 and RFC2069.
   private static final Pattern WWW_AUTHENTICATION_HEADER_DIGEST_PATTERN =
       Pattern.compile(
-          "Digest realm=\"([\\w\\s@.]+)\""
-              + ",\\s?(?:domain=\"(.+)\",\\s?)?"
-              + "nonce=\"(\\w+)\""
-              + "(?:,\\s?opaque=\"(\\w+)\")?");
+          "Digest realm=\"([^\"\\x00-\\x08\\x0A-\\x1f\\x7f]+)\""
+              + ",\\s?(?:domain=\"(.+)\""
+              + ",\\s?)?nonce=\"([^\"\\x00-\\x08\\x0A-\\x1f\\x7f]+)\""
+              + "(?:,\\s?opaque=\"([^\"\\x00-\\x08\\x0A-\\x1f\\x7f]+)\")?");
   // WWW-Authenticate header pattern, see RFC2068 Section 11.1 and RFC2069.
   private static final Pattern WWW_AUTHENTICATION_HEADER_BASIC_PATTERN =
-      Pattern.compile("Basic realm=\"([\\w\\s@.]+)\"");
+      Pattern.compile("Basic realm=\"([^\"\\x00-\\x08\\x0A-\\x1f\\x7f]+)\"");
 
   private static final String RTSP_VERSION = "RTSP/1.0";
   private static final String LF = new String(new byte[] {Ascii.LF});
diff --git a/library/rtsp/src/test/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtilTest.java b/library/rtsp/src/test/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtilTest.java
index d6a37965c0..3cf2d27768 100644
--- a/library/rtsp/src/test/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtilTest.java
+++ b/library/rtsp/src/test/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtilTest.java
@@ -499,10 +499,10 @@ public final class RtspMessageUtilTest {
   @Test
   public void parseWWWAuthenticateHeader_withBasicAuthentication_succeeds() throws Exception {
     RtspAuthenticationInfo authenticationInfo =
-        RtspMessageUtil.parseWwwAuthenticateHeader("Basic realm=\"WallyWorld\"");
+        RtspMessageUtil.parseWwwAuthenticateHeader("Basic realm=\"Wally - World\"");
     assertThat(authenticationInfo.authenticationMechanism).isEqualTo(RtspAuthenticationInfo.BASIC);
     assertThat(authenticationInfo.nonce).isEmpty();
-    assertThat(authenticationInfo.realm).isEqualTo("WallyWorld");
+    assertThat(authenticationInfo.realm).isEqualTo("Wally - World");
   }
 
   @Test
@@ -510,13 +510,13 @@ public final class RtspMessageUtilTest {
       throws Exception {
     RtspAuthenticationInfo authenticationInfo =
         RtspMessageUtil.parseWwwAuthenticateHeader(
-            "Digest realm=\"testrealm@host.com\", domain=\"host.com\","
+            "Digest realm=\"test-realm@host.com\", domain=\"host.com\","
                 + " nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", "
                 + " opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"");
 
     assertThat(authenticationInfo.authenticationMechanism).isEqualTo(RtspAuthenticationInfo.DIGEST);
     assertThat(authenticationInfo.nonce).isEqualTo("dcd98b7102dd2f0e8b11d0f600bfb0c093");
-    assertThat(authenticationInfo.realm).isEqualTo("testrealm@host.com");
+    assertThat(authenticationInfo.realm).isEqualTo("test-realm@host.com");
     assertThat(authenticationInfo.opaque).isEmpty();
   }