rtsp: accept any RTSP session id

Makes libcurl work in communication with gstreamer-based RTSP
servers. The original code validates the session id to be in accordance
with the RFC. I think it is better not to do that:

- For curl the actual content is a don't care.

- The clarity of the RFC is debatable, is $ allowed or only as \$, that
  is imho not clear

- Gstreamer seems to url-encode the session id but % is not allowed by
the RFC

- less code

With this patch curl will correctly handle real-life lines like:
Session: biTN4Kc.8%2B1w-AF.; timeout=60

Bug: https://curl.haxx.se/mail/lib-2016-08/0076.html

diff --git a/lib/rtsp.c b/lib/rtsp.c
index 27955bc44887d1381554594ece2ea71e53577542..eb60ff78292095ca65b72140669ae18ad071f94a 100644 (file)
--- a/lib/rtsp.c
+++ b/lib/rtsp.c
@@ -796,19 +796,15 @@ CURLcode Curl_rtsp_parseheader(struct connectdata *conn,
       }
     }
     else {
-      /* If the Session ID is not set, and we find it in a response, then
-         set it */
-
-      /* The session ID can be an alphanumeric or a 'safe' character
+      /* If the Session ID is not set, and we find it in a response, then set
+       * it.
        *
-       * RFC 2326 15.1 Base Syntax:
-       * safe =  "\$" | "-" | "_" | "." | "+"
-       * */
+       * Allow any content, up to the field seperator or end of line. RFC 2326
+       * isn't 100% clear on the session ID and for example gstreamer does
+       * url-encoded session ID's not covered by the standard.
+       */
       char *end = start;
-      while(*end &&
-            (ISALNUM(*end) || *end == '-' || *end == '_' || *end == '.' ||
-             *end == '+' ||
-             (*end == '\\' && *(end + 1) && *(end + 1) == '$' && (++end, 1))))
+      while(*end && *end != ';')
         end++;
 
       /* Copy the id substring into a new buffer */