On 6/5/07, C. Michael Pilato <email@example.com> wrote:
> David Glasser wrote:
> > It appears that if you accidentally put a trailing slash in a section
> > header in an authz file, like
> > [/some/path/]
> > it will never be matched. (At least, that's what a bit of testing and
> > source diving reveals; there might be some cases where it does.) This
> > happens for any sort of non-canonical path, but trailing slashes are
> > the easiest to do by accident.
> > This is really confusing and should be fixed.
> > Is the correct fix to allow authz file writers to write non-canonical
> > paths and canonicalize them when they're matched against, or to throw
> > an error if a non-canonical path is specified?
> Bummer thing about an error in this situation is that the folks who see the
> error might not be able to fix it (users vs. admins). Besides,
> canonicalizing the paths automatically seems the more user-friendly thing to do.
The following patch should fix this issue. Since there are security
concerns here, I'd appreciate review before I commit. Also, I only
ran tests against svnserve; if somebody could run tests against a DAV
setup that would be appreciated.
(There are two classes of security concern here. First, I could
simply have introduced a bug. Secondly, this technically isn't
backwards compatible. There could be installations out there that
have non-canonical blocks that are being ignored which will suddenly
start taking effect --- does anyone think this is a problem?)
When parsing authz files, canonicalize path names in section headers.
Among other things, this means that a section name with a trailing
slash won't be silently ignored.
(authz_parse_section, authz_global_parse_section): Canonicalize
(authz_parse_exact_section): New section enumerator callback for
(authz_get_path_access): Instead of directly looking up the sections
at "path" and "qualified_path", use authz_parse_exact_section to
enumerate over all sections and check whether the canonicalized
version of the section name is the section we're looking for.
(authz_read_access): Add a trailing slash to one of the authz
section names. (In the absence of the other changes in this
revision, this causes the test to fail.)
David Glasser | glasser_at_mit.edu | http://www.davidglasser.net/
Received on Wed Jun 6 16:44:39 2007
To unsubscribe, e-mail: firstname.lastname@example.org
For additional commands, e-mail: email@example.com