GNOME Bugzilla – Bug 643812
session: use full charset for RTSP session ID
Last modified: 2013-10-30 21:18:06 UTC
As specified in RFC 2326 section 3.4 use full valid charset to make guessing session ID more difficult.
Created attachment 182393 [details] [review] Fix for the bug report
I was wondering if there's an off-by-one at the end, but it turns out g_random_int(a,b) returns something within the range [a;b[ , so there's a buglet in the current code :)
commit 17ce0df09a22966fe4298dab3eec384df3792192 Author: Miguel Angel Cabrera Moya <madmac2501@gmail.com> Date: Thu Mar 3 20:38:03 2011 +0100 session: use full charset for RTSP session ID As specified in RFC 2326 section 3.4 use full valid charset to make guessing session ID more difficult. https://bugzilla.gnome.org/show_bug.cgi?id=643812
I know this is fairly old, but according to the RFC the characters need to be URI encoded. While VLC doesn't seem to care, ffmpeg hangs during the SETUP if the session ID contains either the $ or the +.
commit 935e8f852d050b4939f1d0f44b38e9b55a2fbe36 Author: Sebastian Dröge <sebastian@centricular.com> Date: Wed Oct 30 22:16:54 2013 +0100 rtsp-session-pool: Make sure session IDs are properly URI-escaped https://bugzilla.gnome.org/show_bug.cgi?id=643812