Re: [PATCH] Fix bug in recursive authz logic (Was: Re: problem with AUTHZ_SVN_RECURSIVE in mod_authz_svn.c)

Thanks for your quick response! I guess the patch for svn 1.2.x should be for
mod_authz_svn/mod_authz_svn.c instead of libsvn_repos/authz.c (since this
doesn't exist in branches/1.2.x). For convenience I have attached a new
version of your patch bernd_rinn_authz_bug_1.2.patch.

When looking at snv_path_is_ancestor in libsvn_subr/path.c,

svn_boolean_t
svn_path_is_ancestor (const char *path1, const char *path2)
{
  apr_size_t path1_len = strlen (path1);

  /* If path1 is empty and path2 is not absoulte, then path1 is an ancestor. */
  if (SVN_PATH_IS_EMPTY (path1))
    return *path2 != '/';

  /* If path1 is a prefix of path2, then:
     - If path1 ends in a path separator,
     - If the paths are of the same length
     OR
     - path2 starts a new path component after the common prefix,
     then path1 is an ancestor. */
  if (strncmp (path1, path2, path1_len) == 0)
    return path1[path1_len - 1] == '/'
      || (path2[path1_len] == '/' || path2[path1_len] == '\0');

  return FALSE;
}

there is one case that I do not understand: when path1 == "/foo/" and path2 ==
"/foo", the function will return FALSE. On the other hand, when path1 ==
"/foo" and path2 == "/foo/", the function will return TRUE. Is this on
purpose?

In the case of authz_parse_section() in libsvn_repos/authz.c this means that
a section

[/dir1]

in AuthzSVNAccessFile does not apply to repos_path == "/dir1/" (at least if there isn't some
mangling that removes trailing slashes from repos_path that I have
overlooked). This looks like unexpected behavior to me.

Regards,
Bernd

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org