Ivan Zhakov wrote:
> On 2/14/06, rooneg@tigris.org <rooneg@tigris.org> wrote:
>> Author: rooneg
>> Date: Mon Feb 13 16:25:49 2006
>> New Revision: 18451
>>
>> Modified:
>> trunk/subversion/libsvn_client/copy.c
>> trunk/subversion/tests/cmdline/copy_tests.py
>>
>> Log:
>> Fix issue #2503, assertion failure cp URL -> URL.
>>
>> * subversion/libsvn_client/copy.c
>> (repos_to_repos_copy): If we're not copying to the repos root, and the
>> src URL is a child of the dest URL be sure to root the session at the
>> parent of the dest URL, otherwise we hit asserts later on.
>>
>> * subversion/tests/cmdline/copy_tests.py
>> (copy_deleted_dir_into_prefix): New test for this bug.
>> (test_list): Run the new test.
>
> Garrett,
> I consider it is not enough to fix only client to send valid requests.
> Anyway server should be aware of invalid requests without aborts(). If
> client uses old client it still can abort server, which is very bad and
> can cause wedged repositories.

I would put this even more emphatically: A server should never abort() due
to wire data. aborts() should only happen due to software bugs (something
that "can not happen" just happened) and not because input data is not of
the correct format, especially for externally connected servers. (That is,
not closely coupled and secure systems)

As long as a certain stream of input data to the server can abort() the
server there is a trivial DOS attack on that server. As such I would claim
that if there is such an attack possible, there is a major bug that needs
addressing. (Just think of someone attacking the public Apache or Subversion
server that way...)
--
Michael Sinz Technology and Engineering Director/Consultant
"Starting Startups" mailto:michael.sinz@sinz.org
My place on the web http://www.sinz.org/Michael.Sinz
Received on Tue Feb 14 12:08:07 2006
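
An added illustration of the distinction drawn in the message above (it is not code from this thread or from Subversion): input that arrived over the wire is validated and rejected with an error status, while assert() is kept for invariants that only a server bug could violate. The request layout, status codes and path rule are assumptions constructed for the example.

```c
#include <assert.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical status codes and request layout, constructed for this
   example; they are not Subversion's wire protocol or API. */
typedef enum { REQ_OK, REQ_ERR_MALFORMED, REQ_ERR_BAD_PATH } req_status;

typedef struct {
    const char *src_path;  /* untrusted: arrived over the wire */
    const char *dst_path;  /* untrusted: arrived over the wire */
} copy_request;

/* Assumed rule: a path is acceptable if it is non-empty, relative to the
   repository root, and has no empty, "." or ".." components. */
static int path_is_canonical(const char *p)
{
    if (p[0] == '\0' || p[0] == '/')
        return 0;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");
        if (len == 0 || (len == 1 && p[0] == '.') ||
            (len == 2 && p[0] == '.' && p[1] == '.'))
            return 0;
        p += len;
        if (*p == '/' && *++p == '\0')  /* reject a trailing slash */
            return 0;
    }
    return 1;
}

/* Internal step: callers must have validated the request already, so a
   violation here is a server bug and assert() is the right tool. */
static req_status do_copy(const copy_request *req)
{
    assert(path_is_canonical(req->src_path));
    assert(path_is_canonical(req->dst_path));
    return REQ_OK;  /* the copy itself is outside the scope of the example */
}

/* Wire-facing entry point: bad input yields an error status that can be
   reported to the client, and the server process keeps running. */
req_status handle_copy_request(const copy_request *req)
{
    if (req == NULL || req->src_path == NULL || req->dst_path == NULL)
        return REQ_ERR_MALFORMED;
    if (!path_is_canonical(req->src_path) || !path_is_canonical(req->dst_path))
        return REQ_ERR_BAD_PATH;
    return do_copy(req);
}
```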