[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: 1.3 now blocking on path escaping in httpd operational logging

From: Justin Erenkrantz <justin_at_erenkrantz.com>
Date: 2005-09-27 16:48:27 CEST

On Tue, Sep 27, 2005 at 10:32:27AM -0400, C. Michael Pilato wrote:
> Justin Erenkrantz <justin@erenkrantz.com> writes:
>
> > --On September 26, 2005 4:29:43 PM -0500 kfogel@collab.net wrote:
> >
> > > Looks like we don't just use single quotes to delimit paths, we use
> > > them to delimit property names as well! And converting that to
> > > URI-encoding would be odd. It would "work", but would it really be
> > > appropriate?
> >
> > XML-escaping is what we have to do on the wire for propnames. I think
> > it makes sense to do that here too. -- justin
>
> XML-escaping permits whitespace, meaning whitespace could not be our
> delimiter. And mixing encodings is nasty.

No, it doesn't. Those would still be quoted by virtue of the log format
string that the admin would set.

> After sleeping on this, I'd like to reverse my position. I'm fine
> with double-quote-wrapped, single-space-delimited, backslash-escaped,
> UTF-8 output:
>
> "propset" "svn:log" "This is my first \"real\" propset."
> "checkout" "/trunk/My Documents/Miscellany"
> ...

httpd forbids high-bit 8-bit characters.

Here are the rules for logging within httpd (see gen_test_char.c):

        /* For logging, escape all control characters,
         * double quotes (because they delimit the request in the log
         * file)
         * backslashes (because we use backslash for escaping)
         * and 8-bit chars with the high bit set
         */

As I was trying to make clear in IRC yesterday, UTF-8 isn't an option.
httpd (via ap_escape_logitem function) will convert the high-bit values
via the c2x() function - which will print the hex value anyway (%xx).

httpd's goal is to not allow unsafe characters in the logs that could
corrupt the admin's screen. We had too many reports of security risks
by allowing such characters in the logs.

As Paul Querna and myself mentioned, if Subversion needs to write UTF-8
logs, we can't rely upon httpd's logging mechanisms. -- justin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Sep 27 16:49:13 2005

This is an archived mail posted to the Subversion Dev mailing list.