rtsp: fixed Session ID comparison to refuse prefix

author Harry Sintonen <sintonen@iki.fi>

Tue, 3 Nov 2020 01:36:56 +0000 (03:36 +0200)

committer Daniel Stenberg <daniel@haxx.se>

Wed, 4 Nov 2020 07:14:01 +0000 (08:14 +0100)
author Harry Sintonen <sintonen@iki.fi>
Tue, 3 Nov 2020 01:36:56 +0000 (03:36 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Wed, 4 Nov 2020 07:14:01 +0000 (08:14 +0100)
diff --git a/lib/rtsp.c b/lib/rtsp.c

index 46c3c4f8f4f13d4e6c7504347b3d1737d9769a7e..93aac0f20b12a39ce6bd4ac7bf4c9c9ee74cf680 100644 (file)
--- a/lib/rtsp.c
+++ b/lib/rtsp.c
@@ -786,9 +786,18 @@ CURLcode Curl_rtsp_parseheader(struct connectdata *conn,
        failf(data, "Got a blank Session ID");
      }
      else if(data->set.str[STRING_RTSP_SESSION_ID]) {
+      char *end;
+      size_t idlen;
+
+      /* Find the end of Session ID */
+      end = start + 1;
+      while(*end && !ISSPACE(*end))
+        end++;
+      idlen = end - start;
+
        /* If the Session ID is set, then compare */
-      if(strncmp(start, data->set.str[STRING_RTSP_SESSION_ID],
-                 strlen(data->set.str[STRING_RTSP_SESSION_ID]))  != 0) {
+      if(strlen(data->set.str[STRING_RTSP_SESSION_ID]) != idlen ||
+         strncmp(start, data->set.str[STRING_RTSP_SESSION_ID], idlen) != 0) {
          failf(data, "Got RTSP Session ID Line [%s], but wanted ID [%s]",
                start, data->set.str[STRING_RTSP_SESSION_ID]);
          return CURLE_RTSP_SESSION_ERROR;
author	Harry Sintonen <sintonen@iki.fi>
	Tue, 3 Nov 2020 01:36:56 +0000 (03:36 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Wed, 4 Nov 2020 07:14:01 +0000 (08:14 +0100)