http: make the RTSP version check stricter

- make it only accept version 1.0, as that is the version curl supports
- convert the parser to use strparse
- the status code max is now 999, but it does allow != 3 digits

Closes #16435

diff --git a/docs/internals/STRPARSE.md b/docs/internals/STRPARSE.md
index 2ae92595e61ea64463625842ae4f13e1a32a2b3d..b6117df9acefab7fa66333c8f443aa52ed23b7fa 100644 (file)
--- a/docs/internals/STRPARSE.md
+++ b/docs/internals/STRPARSE.md
@@ -151,6 +151,15 @@ int Curl_str_casecompare(struct Curl_str *str, const char *check);
 Returns true if the provided string in the `str` argument matches the `check`
 string case insensitively.
 
+## `Curl_str_cmp`
+
+~~~c
+int Curl_str_cmp(struct Curl_str *str, const char *check);
+~~~
+
+Returns true if the provided string in the `str` argument matches the `check`
+string case sensitively. This is *not* the same return code as `strcmp`.
+
 ## `Curl_str_nudge`
 
 ~~~c

diff --git a/lib/http.c b/lib/http.c
index ca8debe79d67898ceb5c7de480504384f3d5baee..76cd9bcc6be449e4d78ba37ab1c900682c38264a 100644 (file)
--- a/lib/http.c
+++ b/lib/http.c
@@ -3987,30 +3987,22 @@ static CURLcode http_rw_hd(struct Curl_easy *data,
     }
     else if(data->conn->handler->protocol & CURLPROTO_RTSP) {
       const char *p = hd;
-      while(ISBLANK(*p))
-        p++;
-      if(!strncmp(p, "RTSP/", 5)) {
-        p += 5;
-        if(ISDIGIT(*p)) {
-          p++;
-          if((p[0] == '.') && ISDIGIT(p[1])) {
-            if(ISBLANK(p[2])) {
-              p += 3;
-              if(ISDIGIT(p[0]) && ISDIGIT(p[1]) && ISDIGIT(p[2])) {
-                k->httpcode = (p[0] - '0') * 100 + (p[1] - '0') * 10 +
-                  (p[2] - '0');
-                p += 3;
-                if(ISSPACE(*p)) {
-                  fine_statusline = TRUE;
-                  k->httpversion = 11; /* RTSP acts like HTTP 1.1 */
-                }
-              }
-            }
-          }
+      struct Curl_str ver;
+      curl_off_t status;
+      /* we set the max string a little excessive to forgive some leading
+         spaces */
+      if(!Curl_str_until(&p, &ver, 32, ' ') &&
+         !Curl_str_single(&p, ' ') &&
+         !Curl_str_number(&p, &status, 999)) {
+        Curl_str_trimblanks(&ver);
+        if(Curl_str_cmp(&ver, "RTSP/1.0")) {
+          k->httpcode = (int)status;
+          fine_statusline = TRUE;
+          k->httpversion = 11; /* RTSP acts like HTTP 1.1 */
         }
-        if(!fine_statusline)
-          return CURLE_WEIRD_SERVER_REPLY;
       }
+      if(!fine_statusline)
+        return CURLE_WEIRD_SERVER_REPLY;
     }
 
     if(fine_statusline) {

diff --git a/lib/strparse.c b/lib/strparse.c
index 076b91d69fe0854274df3df46554d53d026472cc..97f70ba7b221cb182aca77774deb179617ee06d8 100644 (file)
--- a/lib/strparse.c
+++ b/lib/strparse.c
@@ -203,6 +203,16 @@ int Curl_str_casecompare(struct Curl_str *str, const char *check)
   return ((str->len == clen) && strncasecompare(str->str, check, clen));
 }
 
+/* case sensitive string compare. Returns non-zero on match. */
+int Curl_str_cmp(struct Curl_str *str, const char *check)
+{
+  if(check) {
+    size_t clen = strlen(check);
+    return ((str->len == clen) && !strncmp(str->str, check, clen));
+  }
+  return !!(str->len);
+}
+
 /* Trim off 'num' number of bytes from the beginning (left side) of the
    string. If 'num' is larger than the string, return error. */
 int Curl_str_nudge(struct Curl_str *str, size_t num)

diff --git a/lib/strparse.h b/lib/strparse.h
index f096526452a31f0a17fc496cc0d5d252d2ec5e00..3dbbf9a2623846d7e48100bf1ab4c5ed8c009f74 100644 (file)
--- a/lib/strparse.h
+++ b/lib/strparse.h
@@ -85,6 +85,7 @@ int Curl_str_newline(const char **linep);
 /* case insensitive compare that the parsed string matches the
    given string. */
 int Curl_str_casecompare(struct Curl_str *str, const char *check);
+int Curl_str_cmp(struct Curl_str *str, const char *check);
 
 int Curl_str_nudge(struct Curl_str *str, size_t num);
 

diff --git a/tests/data/test689 b/tests/data/test689
index 381ae225ae21da06b85615b89bec7bf564b579b6..31f81983d1046e548be8c59ad9d7a7b0e27f76be 100644 (file)
--- a/tests/data/test689
+++ b/tests/data/test689
@@ -11,7 +11,7 @@ OPTIONS
 # Server-side
 <reply>
 <data>
-RTSP/7.1 786          
+RTSP/1.0 786          
 
 RTSP/          
 </data>