/* split up the value in multiple key:value pairs if it contains comma(s) */
while (*value != '\0') {
gchar *next_value;
+ gchar *comma = NULL;
gboolean quoted = FALSE;
guint comment = 0;
comment++;
else if (comment != 0 && *next_value == ')')
comment--;
- else if (!quoted && comment == 0 && *next_value == ',')
- break;
+ else if (!quoted && comment == 0) {
+ /* To quote RFC 2068: "User agents MUST take special care in parsing
+ * the WWW-Authenticate field value if it contains more than one
+ * challenge, or if more than one WWW-Authenticate header field is
+ * provided, since the contents of a challenge may itself contain a
+ * comma-separated list of authentication parameters."
+ *
+ * What this means is that we cannot just look for an unquoted comma
+ * when looking for multiple values in Proxy-Authenticate and
+ * WWW-Authenticate headers. Instead we need to look for the sequence
+ * "comma [space] token space token" before we can split after the
+ * comma...
+ */
+ if (field == GST_RTSP_HDR_PROXY_AUTHENTICATE ||
+ field == GST_RTSP_HDR_WWW_AUTHENTICATE) {
+ if (*next_value == ',') {
+ if (next_value[1] == ' ') {
+ /* skip any space following the comma so we do not mistake it for
+ * separating between two tokens */
+ next_value++;
+ }
+ comma = next_value;
+ } else if (*next_value == ' ' && next_value[1] != ',' &&
+ next_value[1] != '=' && comma != NULL) {
+ next_value = comma;
+ comma = NULL;
+ break;
+ }
+ } else if (*next_value == ',')
+ break;
+ }
next_value++;
}