There was a discussion on issue 1796 up to a week ago, in which a bunch
of shortcomings of the same kind as 1796 have been revealed:
The subversion server and client do not validate props in places where
they should:
- where the server receives props from a client out there. (#1796)
- where the server reads props from the repository file system.
- where the svn client reads props from a server out there.
(Approval by kfogel)
This patch starts by fixing the specific problems of issue 1796, only:
- where the server receives props from a client out there. (#1796)
, and limited only to the log message prop (SVN_PROP_REVISION_LOG).
More patches, continuing in above list, are to follow.
Also, in the threads about issue 1796 recently, some people asked for a
way to reproduce 1796 without forging their svn client. Note that the C
test included in this patch is a good way to do so. It may be
illustrative to investigate the repository after the test has run, using
current trunk: the corrupt data shows in the repository filesystem.
Also note that this is my first "complex" patch to subversion, so please
feel very free to tell me about anything I could have done better.
Thanks!
[[[
Fix issue #1796: defective or malicious client can corrupt repository
log messages.
Also adding regression test for 1796.
* subversion/include/private/svn_utf_private.h: Add this private header
file and move the declaration of svn_utf__is_valid from
libsvn_subr/utf_impl.h here, because this function is needed in
libsvn_repos.
* subversion/libsvn_subr/utf_impl.h: Include private/svn_utf_private.h.
(svn_utf__is_valid): Move declaration away to svn_utf_private.h
because this function is needed in libsvn_repos.
(svn_utf__last_valid): Add comment to also see svn_utf__is_valid.
* subversion/libsvn_repos/fs-wrap.c(validate_prop): Add two validations
for SVN_PROP_REVISION_LOG's value. Validate UTF-8 encoding using
svn_utf__is_valid, and validate consistent LF eol style by looking
for and rejecting CR (\r) characters.
* subversion/tests/libsvn_repos/repos-test.c
(prop_validation): Add this regression test for issue 1796, which
tries to commit two invalid log messages concerning UTF-8 and LF.
(prop_validation_commit_with_revprop): Add this helper function for
prop_validation, which runs a commit with a given revprop.
Patch by: Neels Janosch Hofmeyr <neels_at_elego.de>
Review by: Karl Fogel <kfogel_at_red-bean.com>
Daniel Shahaf <d.s_at_daniel.shahaf.co.il>
Stefan Sperling <stsp_at_elego.de>
Branko Cibej <brane_at_xbc.nu>
Found by: garrick_olson
]]]
--
Neels Hofmeyr -- elego Software Solutions GmbH
Gustav-Meyer-Allee 25 / Gebäude 12, 13355 Berlin, Germany
phone: +49 30 23458696 mobile: +49 177 2345869 fax: +49 30 23458695
http://www.elegosoft.com | Geschäftsführer: Olaf Wagner | Sitz: Berlin
Handelsreg: Amtsgericht Charlottenburg HRB 77719 | USt-IdNr: DE163214194
Received on 2008-06-03 03:59:37 CEST