Mercurial > hg > orthanc
view Resources/Patches/openssl-lsb.diff @ 2248:69b0f4e8a49b
Escape multipart type parameter value in Content-Type header
## Summary
Multipart responses do not quote/escape the value of their type
parameter (the subtype) even though it always contains at least one
special character (the slash "/"), which confuses standard-compliant
HTTP clients.
## Details
The Content-Type header in HTTP is in RFC 7231, Section 3.1.1.5:
https://tools.ietf.org/html/rfc7231#section-3.1.1.5
The section defers to the media type section (3.1.1.1) for the syntax of
the media type:
https://tools.ietf.org/html/rfc7231#section-3.1.1.1
This states that a parameter value can be quoted:
parameter = token "=" ( token / quoted-string )
A parameter value that matches the token production can be transmitted
either as a token or within a quoted-string. The quoted and unquoted
values are equivalent.
Tokens are defined in RFC 7230, Section 3.2.6 (via RFC 7231, appendix
C):
https://tools.ietf.org/html/rfc7231#appendix-C
https://tools.ietf.org/html/rfc7230#section-3.2.6
Here we observe that tokens cannot contain a slash "/" character:
token = 1*tchar
tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
/ "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
/ DIGIT / ALPHA
; any VCHAR, except delimiters
Delimiters are chosen from the set of US-ASCII visual characters not
allowed in a token (DQUOTE and "(),/:;<=>?@[\]{}").
However, the current implementation does not quote/escape the value of
the type parameter:
multipart/related; type=application/dicom
Instead, it should be:
multipart/related; type="application/dicom"
All of this also seems to apply to the MIME Content-Type header
definition, even though it is a little different:
https://www.iana.org/assignments/message-headers
https://tools.ietf.org/html/rfc2045#section-5.1
https://tools.ietf.org/html/rfc2387
author | Thibault Nélis <tn@osimis.io> |
---|---|
date | Mon, 16 Jan 2017 13:07:11 +0100 |
parents | 6a3e2ca7a7a0 |
children |
line wrap: on
line source
--- ui_openssl.c.orig 2013-09-24 15:06:54.264420779 +0200 +++ ui_openssl.c 2013-09-24 14:22:43.512312998 +0200 @@ -291,7 +291,7 @@ static unsigned short channel = 0; #else #if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) -static TTY_STRUCT tty_orig,tty_new; +//static TTY_STRUCT tty_orig,tty_new; #endif #endif static FILE *tty_in, *tty_out; @@ -475,106 +475,21 @@ /* Internal functions to open, handle and close a channel to the console. */ static int open_console(UI *ui) { - CRYPTO_w_lock(CRYPTO_LOCK_UI); - is_a_tty = 1; - -#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS) - tty_in=stdin; - tty_out=stderr; -#else -# ifdef OPENSSL_SYS_MSDOS -# define DEV_TTY "con" -# else -# define DEV_TTY "/dev/tty" -# endif - if ((tty_in=fopen(DEV_TTY,"r")) == NULL) - tty_in=stdin; - if ((tty_out=fopen(DEV_TTY,"w")) == NULL) - tty_out=stderr; -#endif - -#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) - if (TTY_get(fileno(tty_in),&tty_orig) == -1) - { -#ifdef ENOTTY - if (errno == ENOTTY) - is_a_tty=0; - else -#endif -#ifdef EINVAL - /* Ariel Glenn ariel@columbia.edu reports that solaris - * can return EINVAL instead. This should be ok */ - if (errno == EINVAL) - is_a_tty=0; - else -#endif - return 0; - } -#endif -#ifdef OPENSSL_SYS_VMS - status = sys$assign(&terminal,&channel,0,0); - if (status != SS$_NORMAL) - return 0; - status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0); - if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) - return 0; -#endif return 1; } static int noecho_console(UI *ui) { -#ifdef TTY_FLAGS - memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig)); - tty_new.TTY_FLAGS &= ~ECHO; -#endif - -#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) - if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1)) - return 0; -#endif -#ifdef OPENSSL_SYS_VMS - tty_new[0] = tty_orig[0]; - tty_new[1] = tty_orig[1] | TT$M_NOECHO; - tty_new[2] = tty_orig[2]; - status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0); - if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) - return 0; -#endif return 1; } static int echo_console(UI *ui) { -#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) - memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig)); - tty_new.TTY_FLAGS |= ECHO; -#endif - -#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) - if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1)) - return 0; -#endif -#ifdef OPENSSL_SYS_VMS - tty_new[0] = tty_orig[0]; - tty_new[1] = tty_orig[1] & ~TT$M_NOECHO; - tty_new[2] = tty_orig[2]; - status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0); - if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) - return 0; -#endif return 1; } static int close_console(UI *ui) { - if (tty_in != stdin) fclose(tty_in); - if (tty_out != stderr) fclose(tty_out); -#ifdef OPENSSL_SYS_VMS - status = sys$dassgn(channel); -#endif - CRYPTO_w_unlock(CRYPTO_LOCK_UI); - return 1; }