GNOME Bugzilla – Bug 742869
Remove URI-escaping of RTSP session-id
Last modified: 2015-01-16 10:24:46 UTC
In https://bugzilla.gnome.org/show_bug.cgi?id=643812 a patch was committed that URI-escapes the RTSP session-id, but doing so is wrong (as explained in the commit message of the attached patch).
Created attachment 294447 [details] [review] Proposed patch reverting the URI-escaping.
Did you file a bug against ffmpeg/libav about this? commit 94f3e18c5bb2d8a054ab3b3d4828b9c77fd7f398 Author: Sebastian Rasmussen <sebrn@axis.com> Date: Tue Jan 13 15:29:29 2015 +0100 Revert "rtsp-session-pool: Make sure session IDs are properly URI-escaped" This reverts commit 935e8f852d050b4939f1d0f44b38e9b55a2fbe36. RFC 2326 states that session IDs may consist of alphanumeric as well as the safe characters $-_.+ -- N.B. the percent character is not allowed. Previously the session ID was URI-escaped, this meant that any character which was not alphanumeric or any of the characters +-._~ would be percent encoded. While the RFC (surprisingly) mentions that linear white space in session IDs should be URI-escaped, it does not say anything about other characters. Moreover no white space is allowed in the session ID. Finally the percent character which is the result of URI-escaping is not allowed in a session ID. So there is no reason to do any URI-escaping, and now it is removed. https://bugzilla.gnome.org/show_bug.cgi?id=742869
Bugs reports were instead raised with ffmpeg: https://trac.ffmpeg.org/ticket/4264#ticket As well as libav: https://bugzilla.libav.org/show_bug.cgi?id=803
We could also stop using the non-alphanum characters and just increase the entropy again by using more characters.
Sure, but there is really no reason to do that unless the current approach is causing problems for someone. Let's wait and see if the ffmpeg/libav-people can reproduce christian's original problem.
I can reproduce it with libav 11.1 :)