diff options
author | Erik Janssen <erik.janssen@axis.com> | 2016-08-10 08:58:10 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2016-08-10 08:58:10 +0200 |
commit | e577c43bb5c6728ae12c8171bac102a89c0cb0f9 (patch) | |
tree | 0300d31e05959a0bcdb3a95dd80b0f1d0af700b3 | |
parent | 85e63bcfc77a826cbe8a3410761b54e02ce2d08b (diff) |
rtsp: accept any RTSP session id
Makes libcurl work in communication with gstreamer-based RTSP
servers. The original code validates the session id to be in accordance
with the RFC. I think it is better not to do that:
- For curl the actual content is a don't care.
- The clarity of the RFC is debatable, is $ allowed or only as \$, that
is imho not clear
- Gstreamer seems to url-encode the session id but % is not allowed by
the RFC
- less code
With this patch curl will correctly handle real-life lines like:
Session: biTN4Kc.8%2B1w-AF.; timeout=60
Bug: https://curl.haxx.se/mail/lib-2016-08/0076.html
-rw-r--r-- | lib/rtsp.c | 18 |
1 files changed, 7 insertions, 11 deletions
diff --git a/lib/rtsp.c b/lib/rtsp.c index 27955bc44..eb60ff782 100644 --- a/lib/rtsp.c +++ b/lib/rtsp.c @@ -796,19 +796,15 @@ CURLcode Curl_rtsp_parseheader(struct connectdata *conn, } } else { - /* If the Session ID is not set, and we find it in a response, then - set it */ - - /* The session ID can be an alphanumeric or a 'safe' character + /* If the Session ID is not set, and we find it in a response, then set + * it. * - * RFC 2326 15.1 Base Syntax: - * safe = "\$" | "-" | "_" | "." | "+" - * */ + * Allow any content, up to the field seperator or end of line. RFC 2326 + * isn't 100% clear on the session ID and for example gstreamer does + * url-encoded session ID's not covered by the standard. + */ char *end = start; - while(*end && - (ISALNUM(*end) || *end == '-' || *end == '_' || *end == '.' || - *end == '+' || - (*end == '\\' && *(end + 1) && *(end + 1) == '$' && (++end, 1)))) + while(*end && *end != ';') end++; /* Copy the id substring into a new buffer */ |