[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH] validate MIME type correctly (was: Re: svn: MIME type 'text/x-c++' ends with non-alphanumeric) character

From: Stefan Sperling <stsp_at_elego.de>
Date: Sat, 26 Apr 2008 13:25:47 +0200

On Sat, Apr 26, 2008 at 01:14:11PM +0200, Stefan Sperling wrote:
> On Sat, Apr 26, 2008 at 12:58:30PM +0200, Stefan Sperling wrote:
> >
> > Thread moved to dev@
>
> > Would this be better?
> >
> > Can anyone test if this breaks anything?
> > (There seem to be no mime-type-related unit tests...)
> >
> > Index: subversion/libsvn_subr/validate.c
> > ===================================================================
> > --- subversion/libsvn_subr/validate.c (revision 30791)
> > +++ subversion/libsvn_subr/validate.c (working copy)
> > @@ -41,6 +41,8 @@ svn_mime_type_validate(const char *mime_type, apr_
> > only looking at the media type here. */
> > const apr_size_t len = strcspn(mime_type, "; ");
> > const char *const slash_pos = strchr(mime_type, '/');
> > + int i;
> > + const char *tspecials = "()<>@,;:\\\"/[]?="; /* see RFC 1521 */
>
> Hrmm, with that slash tspecials, looping over the whole mime-type
> and just not the subtype will break the whole function pretty much :/
>
> I'll send a better patch in a minute.

Here it is. Now hopefully correctly checking the whole mime type
for illegal characters. This should conform to RFC 1521 if I
unterstood the RFC correctly.

Index: subversion/libsvn_subr/validate.c
===================================================================
--- subversion/libsvn_subr/validate.c (revision 30791)
+++ subversion/libsvn_subr/validate.c (working copy)
@@ -41,6 +41,8 @@ svn_mime_type_validate(const char *mime_type, apr_
      only looking at the media type here. */
   const apr_size_t len = strcspn(mime_type, "; ");
   const char *const slash_pos = strchr(mime_type, '/');
+ int i;
+ const char *tspecials = "()<>@,;:\\\"/[]?=";
 
   if (len == 0)
     return svn_error_createf
@@ -52,10 +54,19 @@ svn_mime_type_validate(const char *mime_type, apr_
       (SVN_ERR_BAD_MIME_TYPE, NULL,
        _("MIME type '%s' does not contain '/'"), mime_type);
 
- if (! apr_isalnum(mime_type[len - 1]))
- return svn_error_createf
- (SVN_ERR_BAD_MIME_TYPE, NULL,
- _("MIME type '%s' ends with non-alphanumeric character"), mime_type);
+ /* Check the mime type for illegal characters. See RFC 1521. */
+ for (i = 0; i < len; i++)
+ {
+ if (&mime_type[i] != slash_pos
+ && (! apr_isascii(mime_type[i])
+ || apr_iscntrl(mime_type[i])
+ || apr_isspace(mime_type[i])
+ || (strchr(tspecials, mime_type[i]) != NULL)))
+ return svn_error_createf
+ (SVN_ERR_BAD_MIME_TYPE, NULL,
+ _("MIME type '%s' contains invalid character '%c'"),
+ mime_type, mime_type[i]);
+ }
 
   return SVN_NO_ERROR;
 } 

-- 
Stefan Sperling <stsp_at_elego.de>                    Software Monkey
 
German law requires the following banner :(
elego Software Solutions GmbH                            HRB 77719
Gustav-Meyer-Allee 25, Gebaeude 12        Tel:  +49 30 23 45 86 96 
13355 Berlin                              Fax:  +49 30 23 45 86 95
http://www.elego.de                               CEO: Olaf Wagner
 
Store password unencrypted (yes/no)? No

  • application/pgp-signature attachment: stored
Received on 2008-04-26 13:24:44 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.