From e577c43bb5c6728ae12c8171bac102a89c0cb0f9 Mon Sep 17 00:00:00 2001 From: Erik Janssen Date: Wed, 10 Aug 2016 08:58:10 +0200 Subject: rtsp: accept any RTSP session id Makes libcurl work in communication with gstreamer-based RTSP servers. The original code validates the session id to be in accordance with the RFC. I think it is better not to do that: - For curl the actual content is a don't care. - The clarity of the RFC is debatable, is $ allowed or only as \$, that is imho not clear - Gstreamer seems to url-encode the session id but % is not allowed by the RFC - less code With this patch curl will correctly handle real-life lines like: Session: biTN4Kc.8%2B1w-AF.; timeout=60 Bug: https://curl.haxx.se/mail/lib-2016-08/0076.html --- lib/rtsp.c | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/lib/rtsp.c b/lib/rtsp.c index 27955bc44..eb60ff782 100644 --- a/lib/rtsp.c +++ b/lib/rtsp.c @@ -796,19 +796,15 @@ CURLcode Curl_rtsp_parseheader(struct connectdata *conn, } } else { - /* If the Session ID is not set, and we find it in a response, then - set it */ - - /* The session ID can be an alphanumeric or a 'safe' character + /* If the Session ID is not set, and we find it in a response, then set + * it. * - * RFC 2326 15.1 Base Syntax: - * safe = "\$" | "-" | "_" | "." | "+" - * */ + * Allow any content, up to the field seperator or end of line. RFC 2326 + * isn't 100% clear on the session ID and for example gstreamer does + * url-encoded session ID's not covered by the standard. + */ char *end = start; - while(*end && - (ISALNUM(*end) || *end == '-' || *end == '_' || *end == '.' || - *end == '+' || - (*end == '\\' && *(end + 1) && *(end + 1) == '$' && (++end, 1)))) + while(*end && *end != ';') end++; /* Copy the id substring into a new buffer */ -- cgit v1.2.3