From a5cbd9f6c24dc62eb1e6fc2bc9d630084aa88512 Mon Sep 17 00:00:00 2001
From: claincly <claincly@google.com>
Date: Thu, 5 Aug 2021 08:40:00 +0100
Subject: [PATCH] Handle RTSP session id properly.

Issue: #9254

#minor-release

We used to allow only alphanumerical characters in session id. The spec also
allows "$", "-", "_", ".", "+" (RFC2326 Sections 3.4 and 15.1).

PiperOrigin-RevId: 388873742
---
 RELEASENOTES.md                                          | 2 ++
 .../android/exoplayer2/source/rtsp/RtspMessageUtil.java  | 4 ++--
 .../exoplayer2/source/rtsp/RtspMessageUtilTest.java      | 9 +++++++++
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/RELEASENOTES.md b/RELEASENOTES.md
index 21862c8ff43..f7bc8da6619 100644
--- a/RELEASENOTES.md
+++ b/RELEASENOTES.md
@@ -142,6 +142,8 @@
         ([#9182](https://github.com/google/ExoPlayer/issues/9182)).
     *   Handle an extra semicolon in SDP fmtp attribute
         ([#9247](https://github.com/google/ExoPlayer/pull/9247)).
+    *   Fix handling of special characters in the RTSP session ID
+        ([#9254](https://github.com/google/ExoPlayer/issues/9254)).
 *   MediaSession extension:
     *   Deprecate `setControlDispatcher` in `MediaSessionConnector`. The
         `ControlDispatcher` parameter has also been deprecated in all
diff --git a/library/rtsp/src/main/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtil.java b/library/rtsp/src/main/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtil.java
index 4ef559fdae6..c8ffff25747 100644
--- a/library/rtsp/src/main/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtil.java
+++ b/library/rtsp/src/main/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtil.java
@@ -92,9 +92,9 @@ public RtspAuthUserInfo(String username, String password) {
   private static final Pattern CONTENT_LENGTH_HEADER_PATTERN =
       Pattern.compile("Content-Length:\\s?(\\d+)", CASE_INSENSITIVE);
 
-  // Session header pattern, see RFC2326 Section 12.37.
+  // Session header pattern, see RFC2326 Sections 3.4 and 12.37.
   private static final Pattern SESSION_HEADER_PATTERN =
-      Pattern.compile("(\\w+)(?:;\\s?timeout=(\\d+))?");
+      Pattern.compile("([\\w$-_.+]+)(?:;\\s?timeout=(\\d+))?");
 
   // WWW-Authenticate header pattern, see RFC2068 Sections 14.46 and RFC2069.
   private static final Pattern WWW_AUTHENTICATION_HEADER_DIGEST_PATTERN =
diff --git a/library/rtsp/src/test/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtilTest.java b/library/rtsp/src/test/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtilTest.java
index 0e9a3aaf742..92463f30855 100644
--- a/library/rtsp/src/test/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtilTest.java
+++ b/library/rtsp/src/test/java/com/google/android/exoplayer2/source/rtsp/RtspMessageUtilTest.java
@@ -350,6 +350,15 @@ public void serialize_failedResponse_succeeds() {
         .isEqualTo(expectedRtspMessage.getBytes(RtspMessageChannel.CHARSET));
   }
 
+  @Test
+  public void parseSessionHeader_withSessionIdContainingSpecialCharacters_succeeds()
+      throws Exception {
+    String sessionHeaderString = "610a63df-9b57.4856_97ac$665f+56e9c04";
+    RtspMessageUtil.RtspSessionHeader sessionHeader =
+        RtspMessageUtil.parseSessionHeader(sessionHeaderString);
+    assertThat(sessionHeader.sessionId).isEqualTo("610a63df-9b57.4856_97ac$665f+56e9c04");
+  }
+
   @Test
   public void removeUserInfo_withUserInfo() {
     Uri uri = Uri.parse("rtsp://user:pass@foo.bar/foo.mkv");