Commit a0361708 authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

Fix HTTP/RTSP crash on invalid request URI

parent 2b1a7345
...@@ -1728,16 +1728,27 @@ static void httpd_ClientRecv( httpd_client_t *cl ) ...@@ -1728,16 +1728,27 @@ static void httpd_ClientRecv( httpd_client_t *cl )
*p2++ = '\0'; *p2++ = '\0';
} }
if( !strncasecmp( p, ( cl->query.i_proto if( !strncasecmp( p, ( cl->query.i_proto
== HTTPD_PROTO_HTTP ) ? "http" : "rtsp", 4 ) == HTTPD_PROTO_HTTP ) ? "http:" : "rtsp:", 5 ) )
&& p[4 + !!strchr( "sS", p[4] )] == ':' )
{ /* Skip hier-part of URL (if present) */ { /* Skip hier-part of URL (if present) */
p = strchr( p, ':' ) + 1; /* skip URI scheme */ p += 5;
if( !strncmp( p, "//", 2 ) ) /* skip authority */ if( !strncmp( p, "//", 2 ) ) /* skip authority */
{ /* see RFC3986 §3.2 */ { /* see RFC3986 §3.2 */
p += 2; p += 2;
while( *p && !strchr( "/?#", *p ) ) p++; p += strcspn( p, "/?#" );
} }
} }
else
if( !strncasecmp( p, ( cl->query.i_proto
== HTTPD_PROTO_HTTP ) ? "https:" : "rtsps:", 6 ) )
{ /* Skip hier-part of URL (if present) */
p += 6;
if( !strncmp( p, "//", 2 ) ) /* skip authority */
{ /* see RFC3986 §3.2 */
p += 2;
p += strcspn( p, "/?#" );
}
}
cl->query.psz_url = strdup( p ); cl->query.psz_url = strdup( p );
if( ( p3 = strchr( cl->query.psz_url, '?' ) ) ) if( ( p3 = strchr( cl->query.psz_url, '?' ) ) )
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment