
Re: [PATCH] issue 1954 - v6

From: VK Sameer <sameer_at_collab.net>
Date: 2005-01-11 06:58:24 CET

Sorry about the long delay, Karl. Took a while to dig into the code
after the vacation.

On Tue, 2005-01-04 at 08:28, kfogel@collab.net wrote:
> kfogel@collab.net writes:
> > I *think* this resolves issue #1954, but I'm not positive. There
> > might still be places where we should be doing UTF8 checks, for
> > example, since svn_path_check_valid() doesn't. However, that was no
> > reason not to apply this patch -- it was complete as is. Did you
> > already vet the call flow for UTF8 checks?

'svn <cmd>' (svn_cl__*) code goes through svn_opt_args_to_target_array2()
and thence through svn_utf_cstring_to_utf8(). So yes, UTF-8 checking is
complete at the client side. On the server side, your checks in
fs-loader as part of r12632 take care of the URL checks mentioned below.

> Aha -- right, I know what I forgot: URL operations. As Philip Martin
> pointed out in
> http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=86522
> we have to protect 'svn mkdir URL' as well. (Perhaps this was what
> your RA->check_path() changes were about? Although I think that's not
> the way to go about it, if so.)
> I guess that means we can't close issue #1954 quite yet. I've tweaked
> my log message for r12581.
> Let's figure out how to protect remote operations. Philip hinted at a
> libsvn_client check, but I think a libsvn_repos (or libsvn_fs) check
> would be better. Hmmm... actually, we should do *both* sides,
> because that way even if the client is upgraded while the server is
> not, there is still some protection.
> Thoughts?
> Ball in your court :-),

Umm, it looks like you've fixed everything in r12632? Please let me know
if I should look at anything else for this issue.


Received on Tue Jan 11 07:00:17 2005

This is an archived mail posted to the Subversion Dev mailing list.
