[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] validate MIME type correctly

From: Stefan Sperling <stsp_at_elego.de>
Date: Mon, 28 Apr 2008 19:51:47 +0200

On Mon, Apr 28, 2008 at 01:37:50PM -0400, Greg Hudson wrote:
>
> On Mon, 2008-04-28 at 19:18 +0200, Stefan Sperling wrote:
> > > Stefan Sperling wrote on Mon, 28 Apr 2008 at 17:00 +0200:
> > > > Btw, if there's any space before the semicolon (i.e. 'text/plain ;')
> > > > trunk will now raise an error. RFC 1521 seems to agree with this:
>
> RFC 1521 has long been obsoleted by RFC 2045-2049, although that grammar
> isn't materially different in 2045.
>
> RFC 822 takes a very a relaxed attitude towards whitespace:
>
> 3.1.4. STRUCTURED FIELD BODIES
>
> To aid in the creation and reading of structured fields, the
> free insertion of linear-white-space (which permits folding
> by inclusion of CRLFs) is allowed between lexical tokens.
> Rather than obscuring the syntax specifications for these
> structured fields with explicit syntax for this linear-white-
> space, the existence of another "lexical" analyzer is assumed.
>
> RFC 1521 and 2045 are written in the same style. RFC 2822 (obsoleting
> 822) cleans this up, but to my knowledge there is no cleaned-up grammar
> for content-type headers.

Wow, so many numbers. I wasn't aware of the status of RFC 1521,
thanks for pointing this out!

Anyway, looking at the code again, it seems my assumption that
it could not deal with whitespace before the semicolon was wrong.

This is how we determine the length of the media type in the mime type:

 const apr_size_t len = strcspn(mime_type, "; ")

The declaration of strcspn is:
size_t strcspn(const char *s, const char *charset)

strcspn "computes the string array index in s of the first
character of s which is also in charset". We should therefore
stop counting characters at either ';' or ' '. So the case
'plain/text ;' should be handled correctly by the current code,
for any amount of whitespace before the semicolon. It should be
handled just as the case 'plain/text; ' is handled. 

-- 
Stefan Sperling <stsp_at_elego.de>                    Software Monkey
 
German law requires the following banner :(
elego Software Solutions GmbH                            HRB 77719
Gustav-Meyer-Allee 25, Gebaeude 12        Tel:  +49 30 23 45 86 96 
13355 Berlin                              Fax:  +49 30 23 45 86 95
http://www.elego.de                               CEO: Olaf Wagner
 
Store password unencrypted (yes/no)? No

  • application/pgp-signature attachment: stored
Received on 2008-04-28 19:52:04 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.