Branko Čibej wrote:
> Roland Ruedenauer wrote:
>> if ((strncmp (hostname, "localhost", 9) != 0))
>>
>> 2) libsvn_repos/fs-wrap.c line 330 and 332
>>
>> /* Only svn:author and svn:date are fetchable. */
>> if ((strncmp (propname, SVN_PROP_REVISION_AUTHOR,
>> strlen(SVN_PROP_REVISION_AUTHOR)) != 0)
>> && (strncmp (propname, SVN_PROP_REVISION_DATE,
>> strlen(SVN_PROP_REVISION_DATE)) != 0))
>> *value_p = NULL;
>>
>>
> Probably, but they're all correct (I hope :-).
Although yes we are looking at a substring, should we not be checking
the terminator also? We'll get a false negative on the localhost check
localhost-foo.bar.com. I guess it should check for end of string or "."
as the next character? In the second case if you had other props with a
common prefix could they not suffer value leak (this is part of the
security fix right); obviously unlikely you'd choose to share these
prefixes, but perhaps its still 'wrong' per-see.
-apw
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Oct 26 11:19:38 2004