Fix HTTP/RTSP crash on invalid request URI

diff --git a/src/network/httpd.c b/src/network/httpd.c
index 8e64b26149abf2ca12137095928d3c1cdfc536f0..7c0819297f70e50105631d69acecc7f58fc6da3c 100644 (file)
--- a/src/network/httpd.c
+++ b/src/network/httpd.c
@@ -1728,16 +1728,27 @@ static void httpd_ClientRecv( httpd_client_t *cl )
                             *p2++ = '\0';
                         }
                         if( !strncasecmp( p, ( cl->query.i_proto
-                                   == HTTPD_PROTO_HTTP ) ? "http" : "rtsp", 4 )
-                         && p[4 + !!strchr( "sS", p[4] )] == ':' )
+                             == HTTPD_PROTO_HTTP ) ? "http:" : "rtsp:", 5 ) )
                         {   /* Skip hier-part of URL (if present) */
-                            p = strchr( p, ':' ) + 1; /* skip URI scheme */
+                            p += 5;
                             if( !strncmp( p, "//", 2 ) ) /* skip authority */
                             {   /* see RFC3986 §3.2 */
                                 p += 2;
-                                while( *p && !strchr( "/?#", *p ) ) p++;
+                                p += strcspn( p, "/?#" );
                             }
                         }
+                        else
+                        if( !strncasecmp( p, ( cl->query.i_proto
+                             == HTTPD_PROTO_HTTP ) ? "https:" : "rtsps:", 6 ) )
+                        {   /* Skip hier-part of URL (if present) */
+                            p += 6;
+                            if( !strncmp( p, "//", 2 ) ) /* skip authority */
+                            {   /* see RFC3986 §3.2 */
+                                p += 2;
+                                p += strcspn( p, "/?#" );
+                            }
+                        }
+
                         cl->query.psz_url = strdup( p );
                         if( ( p3 = strchr( cl->query.psz_url, '?' ) )  )
                         {