From: Erik Janssen Date: Wed, 10 Aug 2016 06:58:10 +0000 (+0200) Subject: rtsp: accept any RTSP session id X-Git-Tag: curl-7_50_2~86 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e577c43bb;p=thirdparty%2Fcurl.git rtsp: accept any RTSP session id Makes libcurl work in communication with gstreamer-based RTSP servers. The original code validates the session id to be in accordance with the RFC. I think it is better not to do that: - For curl the actual content is a don't care. - The clarity of the RFC is debatable, is $ allowed or only as \$, that is imho not clear - Gstreamer seems to url-encode the session id but % is not allowed by the RFC - less code With this patch curl will correctly handle real-life lines like: Session: biTN4Kc.8%2B1w-AF.; timeout=60 Bug: https://curl.haxx.se/mail/lib-2016-08/0076.html --- diff --git a/lib/rtsp.c b/lib/rtsp.c index 27955bc448..eb60ff7829 100644 --- a/lib/rtsp.c +++ b/lib/rtsp.c @@ -796,19 +796,15 @@ CURLcode Curl_rtsp_parseheader(struct connectdata *conn, } } else { - /* If the Session ID is not set, and we find it in a response, then - set it */ - - /* The session ID can be an alphanumeric or a 'safe' character + /* If the Session ID is not set, and we find it in a response, then set + * it. * - * RFC 2326 15.1 Base Syntax: - * safe = "\$" | "-" | "_" | "." | "+" - * */ + * Allow any content, up to the field seperator or end of line. RFC 2326 + * isn't 100% clear on the session ID and for example gstreamer does + * url-encoded session ID's not covered by the standard. + */ char *end = start; - while(*end && - (ISALNUM(*end) || *end == '-' || *end == '_' || *end == '.' || - *end == '+' || - (*end == '\\' && *(end + 1) && *(end + 1) == '$' && (++end, 1)))) + while(*end && *end != ';') end++; /* Copy the id substring into a new buffer */