Re: mod_dav_svn issue? (was: git-svn: refuse to dcommit non-UTF-8 messages)

From: Stefan Sperling <stsp_at_elego.de>
Date: Wed, 3 Jun 2009 15:18:45 +0100

On Wed, Jun 03, 2009 at 09:36:48AM +0200, Matthias Andree wrote:
> ping - should I just file an issue in the tracker if nobody cares to look
> here?
>
> Delegating input delegation to clients such as Perl/SVN::Ra, rather than
> having the server - mod_dav_svn or whatever - check the commit log
> character set seems like a serious issue (design flaw) to me (and checking
> if something remotely looks like UTF-8 isn't exactly difficult, look at
> Markus Kuhn's pages for code if you need to pinch it...)

Which version of Subversion are you using?
This problem has already been fixed a while back.
1.6.x should not have this problem.

------------------------------------------------------------------------
r31614 | kfogel | 2008-06-06 19:28:03 +0100 (Fri, 06 Jun 2008) | 26 lines

Fix issue #1796: prevent invalid log messages from entering the repository.
Although our client does not send invalid messages, a defective or
malicious client could, thus corrupting the repository metadata.

Patch by: Neels Janosch Hofmeyr <neels_at_elego.de>
(Tweaked by me; previous iterations reviewed by danielsh.)

* subversion/include/private/svn_utf_private.h: New file.
(svn_utf__is_valid): Moved here from libsvn_subr/utf_impl.h,
because needed in libsvn_repos.

* subversion/libsvn_subr/utf_impl.h: Include private/svn_utf_private.h.
(svn_utf__is_valid): Moved to svn_utf_private.h.
(svn_utf__last_valid): Add comment mentioning svn_utf__is_valid.

* subversion/libsvn_repos/fs-wrap.c
(validate_prop): Validate log messages.

* subversion/include/svn_repos.h
(svn_repos_fs_change_node_prop): Document validation behavior.

* subversion/tests/libsvn_repos/repos-test.c
  (prop_validation_commit_with_revprop): New helper function.
  (prop_validation): New test.
  (test_funcs): Run it.

------------------------------------------------------------------------
r34106 | danielsh | 2008-11-07 22:28:47 +0000 (Fri, 07 Nov 2008) | 7 lines

Fix issue #3313 by validating all eligible properties (and among them,
svn:author) for being valid UTF-8.

* subversion/libsvn_repos/fs-wrap.c
  (validate_prop):
    Apply the "is UTF-8 and LF" check whenever svn_prop_needs_translation()
    is true (that is the very definition of the latter).

> Git-SVN's fixing this is just a workaround for SVN design flaws and
> implementation bugs.

And let me guess -- git doesn't have any of those? ;)

Stefan
Received on 2009-06-03 16:20:23 CEST

This message: [ Message body ]
Next message: photoTed: "Consider Lock Required for SVN Move"
Previous message: Paul Burba: "Re: --reintegrate merge problems"
In reply to: Matthias Andree: "mod_dav_svn issue? (was: git-svn: refuse to dcommit non-UTF-8 messages)"
Next in thread: Matthias Andree: "Re: mod_dav_svn issue? (was: git-svn: refuse to dcommit non-UTF-8 messages)"
Reply: Matthias Andree: "Re: mod_dav_svn issue? (was: git-svn: refuse to dcommit non-UTF-8 messages)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]