Lack of validation in svn_repos_open()

On Tue, Dec 06, 2005 at 05:37:23PM +0100, Mathias Weinert wrote:
> 1. The script is not very robust against wrong command line
> arguments. You get for example an assertion if you call it with
> a repos path with a trailing slash (like bash completion
> provides it):
> assertion "is_canonical (base, blen)" failed: file "subversion/libsvn_subr/path.c", line 114
> Aborted (core dumped)
>

This is a bug in the Subversion libraries - we should never abort()
if a caller supplies a path with a trailing slash by mistake.

See attached testcase: it looks like svn_repos_open() (at least) needs
to validate (or massage) its input better.

$ ./svn_repos_open_assert
svn_repos_open_assert: subversion/libsvn_subr/path.c:114: svn_path_join: Assertion `is_canonical (base, blen)' failed.
Aborted

Regards,
Malcolm

#include <stdio.h>
#include "svn_pools.h"
#include "svn_repos.h"

int main (int argc, char **argv[])
{
  svn_repos_t *repos;
  svn_error_t *err;

  if (svn_cmdline_init ("minimal_client", stderr) != EXIT_SUCCESS)
    return EXIT_FAILURE;

  err = svn_repos_open(&repos, "repo/", svn_pool_create (NULL));
  if (err) {
    svn_handle_warning (stderr, err);
    return EXIT_FAILURE;
  }

  printf ("opened repos okay.\n");
  return EXIT_SUCCESS;
}

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Dec 6 18:41:28 2005