[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [Issue 1796] defective or malicious client can corrupt repository log messages

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Sun, 25 May 2008 21:50:22 -0400

Neels Janosch Hofmeyr <neels_at_elego.de> writes:
> So, the svn client does try to convert the incoming log message to UTF-8
> and complains if it can't.
>
> This completes the picture where the client behaves perfectly, but the
> server accepts anything it is given and writes it to the repository.
>
> Thus, if someone used a forged client, they could "corrupt" the
> repository, which may print unreadable logs due to unexpected character
> sequences. The user's shell display might "crash" when trying to print
> paranormal character sequences from another dimension.

Hrm? The top seems to contradict the bottom... An introductory summary
in your mail would help a bit :-).

Your transcript shows the client attempting to convert various
bytestrings to UTF8, to create a log message to send *to* the
repository. Your transcript doesn't show any instances of the client
attempting to convert data it received *from* the repository, which is
the scenario you're talking about in your final paragraph above.

My memory is that when the client receives a log message from the
repository, the client attempts to convert it to UTF-8 and complains (in
a terminal-safe way) if it can't. If that's not the case, we should fix
it. However, this seems to have nothing to do with what you showed in
your mail.

Am I misunderstanding something?

-Karl

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-05-26 03:50:43 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.