[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Re: Unnecessary path encoding in svnserve

From: Peter N. Lundblad <peter_at_famlundblad.se>
Date: 2004-08-11 22:48:08 CEST

On Sat, 7 Aug 2004, Greg Hudson wrote:

> On Wed, 2004-08-04 at 17:33, Peter N. Lundblad wrote:
> > I've attached a patch that does this. This can be a security hole if not
> > done correctly, so would someone please review it. I couldn't juse
> > svn_path_is_backpath_present because it only checks for / as segment
> > separator, which isn't enough on Windows ofcourse.
> Hm. Would it be better to use svn_path_internal_style() to convert any
> local separators (there shouldn't be any, but of course we can't trust
> the client to honor that) and then use svn_path_is_backpath_present on
> the result?
I have been thinking more about this. The problem with your approach is
that it wouldn't allow \ in paths inside the repository on a Windows
serve, since they would be converted to slashes. This would be an
arbitrary limitation for a UNIX client. The problem is that we take the
rest of the repository path as the path inside the repository using
strlen. I don't think svn_path_internal_style just replaces characters
without insertion/deletion. As I maybe said earlier, I don't like this
nearly-duplication of code either...


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Aug 11 22:36:52 2004

This is an archived mail posted to the Subversion Dev mailing list.