moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-08-13 17:03:50 -04:00
Code Issues Releases Wiki Activity

rtsp: fixed Session ID comparison to refuse prefix

Browse Source 
Closes #6161
This commit is contained in:
Harry Sintonen 2020-11-03 03:36:56 +02:00 committed by Daniel Stenberg
parent 76140ecfde
commit adb0fcfab2
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
lib/rtsp.c
View File

@ -786,9 +786,18 @@ CURLcode Curl_rtsp_parseheader(struct connectdata *conn,
failf(data, "Got a blank Session ID");
}
else if(data->set.str[STRING_RTSP_SESSION_ID]) {
char *end;
size_t idlen;
/* Find the end of Session ID */
end = start + 1;
while(*end && !ISSPACE(*end))
end++;
idlen = end - start;
/* If the Session ID is set, then compare */
if(strncmp(start, data->set.str[STRING_RTSP_SESSION_ID],
strlen(data->set.str[STRING_RTSP_SESSION_ID])) != 0) {
if(strlen(data->set.str[STRING_RTSP_SESSION_ID]) != idlen ||
strncmp(start, data->set.str[STRING_RTSP_SESSION_ID], idlen) != 0) {
failf(data, "Got RTSP Session ID Line [%s], but wanted ID [%s]",
start, data->set.str[STRING_RTSP_SESSION_ID]);
return CURLE_RTSP_SESSION_ERROR;