Re: herding 1.1 issues into the corral

From: Klaus Rennecke <kre_at_tigris.org>
Date: 2004-07-07 06:21:25 CEST

Branko Čibej wrote:

> [...]
>
>> ### 1947: possible data corruption bug. Already has a patch. Has no
>> milestone currently; worth putting into 1.1 this week? Does
>> someone want to review/apply the patch?
>
> I think the patch is incomplete. It should _also_ be checking that the
> two characters following the '%' are actually hex digits. [...]

Thank you for the review, here is the new patch. The change is still
quite local, although it brought in another include.

/Klaus

[[[
Check that the two characters following the % escape are valid hex
digits. This serves to check for premature end of input as well.

* subversion/libsvn_subr/path.c
 (svn_path_uri_decode): Check syntax of % escape.

* subversion/tests/libsvn_subr/path-test.c
 (test_uri_decode): New test function.
 (test_funcs): Added test_uri_decode.
]]]

Index: D:/kre/workspace/svn/subversion/libsvn_subr/path.c
===================================================================
--- D:/kre/workspace/svn/subversion/libsvn_subr/path.c (revision 10145)
+++ D:/kre/workspace/svn/subversion/libsvn_subr/path.c (working copy)
@@ -20,6 +20,7 @@
 
 #include <string.h>
 #include <assert.h>
+#include <ctype.h> /* for svn_path_uri_decode() */
 
 #include <apr_file_info.h>
 
@@ -871,7 +872,7 @@
            * RFC 2396, section 3.3 */
           c = ' ';
         }
- else if (c == '%')
+ else if (c == '%' && isxdigit (path[i + 1]) && isxdigit (path[i + 2]))
         {
           char digitz[3];
           digitz[0] = path[++i];
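
Review bot: on the `+` line, `isxdigit (path[i + 1])` and `isxdigit (path[i + 2])` are called with what looks like a plain `char` (the following line assigns `path[++i]` into `char digitz[3]`); where `char` is signed, any byte above 0x7F in the path becomes a negative argument, which the <ctype.h> functions leave undefined. Cast each argument to `unsigned char`, or use APR's `apr_isxdigit` from apr_lib.h, which does the cast. The `&&` order is right for the end-of-input case: a NUL at `path[i + 1]` fails the first test, so `path[i + 2]` is never read. Please also add a short comment saying what happens to a `%` that fails the check, since it now skips this branch entirely.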

Received on Wed Jul 7 06:22:14 2004
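
The check described in the log message above, as a stand-alone added example (not Subversion's code and not part of the original mail). `decode_percent` is a hypothetical helper; copying a malformed `%` through literally and counting it is an assumption of this sketch, as are the sample inputs.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not svn_path_uri_decode(): decode %XX escapes from
 * the NUL-terminated string IN into OUT, which must hold at least
 * strlen(IN) + 1 bytes.  A '%' not followed by two hex digits is copied
 * literally.  Returns the number of such malformed escapes. */
static size_t
decode_percent(const char *in, char *out)
{
  size_t i, o = 0, malformed = 0;

  for (i = 0; in[i] != '\0'; i++)
    {
      if (in[i] != '%')
        {
          out[o++] = in[i];
          continue;
        }
      /* Cast to unsigned char: a negative value is undefined for <ctype.h>.
       * isxdigit('\0') is 0, so && never reads past the terminating NUL. */
      if (isxdigit((unsigned char) in[i + 1])
          && isxdigit((unsigned char) in[i + 2]))
        {
          char digits[3] = { in[i + 1], in[i + 2], '\0' };
          out[o++] = (char) strtol(digits, NULL, 16);
          i += 2;
        }
      else
        {
          out[o++] = '%';
          malformed++;
        }
    }
  out[o] = '\0';
  return malformed;
}

int main(void)
{
  char buf[16];
  /* Constructed input: one valid escape, one truncated at end of input. */
  size_t bad = decode_percent("a%20b%4", buf);
  printf("%s (%zu bytes, %zu malformed)\n", buf, strlen(buf), bad);
  return 0;
}
```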

This is an archived mail posted to the Subversion Dev mailing list.