rtsp-auth: Fix NULL pointer dereference when handling an invalid basic Authorization header

When using the basic authentication scheme, we wouldn't validate that
the authorization field of the credentials is not NULL and pass it on
to g_hash_table_lookup(). g_str_hash() however is not NULL-safe and will
dereference the NULL pointer and crash.
A specially crafted (read: invalid) RTSP header can cause this to
happen.

As a solution, check for the authorization to be not NULL before
continuing processing it and if it is simply fail authentication.

This fixes CVE-2020-6095 and TALOS-2020-1018.

Discovered by Peter Wang of Cisco ASIG.
19 jobs for backport-mr-111-into-1.16-rtsp-auth-basic-crash in 64 minutes and 44 seconds (queued for 9 seconds)
Status Job ID Name Coverage
  Preparation
passed #2986253
gst indent

00:00:18

passed #2986252
manifest

00:00:44

 
  Build
passed #2986262
build cerbero android universal

00:12:00

passed #2986263
build cerbero cross win32

00:09:16

passed #2986264
build cerbero cross win64

00:05:40

passed #2986261
build cerbero fedora x86_64

00:06:57

passed #2986266
gst-ios-13.2
build cerbero ios universal

00:44:01

passed #2986265
gst-macos-10.15
build cerbero macos x86_64

00:10:35

passed #2986254
build fedora x86_64

00:03:26

manual #2986260
docker windows 1809 allowed to fail manual
build msys2
passed #2986255
build nodebug fedora x86_64

00:04:25

passed #2986256
build static fedora x86_64

00:03:03

passed #2986257
build static nodebug fedora x86_64

00:03:08

passed #2986292
docker windows 1809
build vs2017 amd64

00:13:55

passed #2986259
docker windows 1809
build vs2017 x86

00:14:42

failed #2986258
docker windows 1809
build vs2017 amd64

00:06:03

 
  Test
passed #2986267
gstreamer
check fedora

00:02:34

passed #2986268
gstreamer
integration testsuites fedora

00:05:48

 
  Integrate
passed #2986269
android universal examples

00:06:19