golang/owncast
1
0
Fork 0
mirror of https://github.com/owncast/owncast.git synced 2025-11-01 19:32:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix rtmp secret validation to allow / (#1069) (#1070)

Browse Source 
* Fix rtmp secret validation to allow `/` (#1069)

* add negative test cases for stuff before /live/

* simplify since Url.Path is already stripping the host

This means that we can simplify the code and make it much clearer.
Removes the tests that checked for the host and stuff between the host and /live/.
This commit is contained in:
Jannik
2021-06-05 05:09:43 +02:00
committed by GitHub
parent dc70642892
commit fae2c58259
3 changed files with 49 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
core/rtmp/rtmp.go
View File

@ -5,7 +5,6 @@ import (
"io"
"net"
"os"
"strings"
"syscall"
"time"
@ -78,9 +77,7 @@ func HandleConn(c *rtmp.Conn, nc net.Conn) {
return
}
streamingKeyComponents := strings.Split(c.URL.Path, "/")
streamingKey := streamingKeyComponents[len(streamingKeyComponents)-1]
if streamingKey != data.GetStreamKey() {
if !secretMatch(data.GetStreamKey(), c.URL.Path) {
log.Errorln("invalid streaming key; rejecting incoming stream")
nc.Close()
return