On Thu, Sep 06, 2007 at 07:22:06AM -0700, cmpilato@tigris.org wrote:
> For issue #2780: Teach the entries-file reading code to check for
> canonicalization of paths found in the entries files.
>
> +/* This is wrapper around read_str() (which see for details); it
> + simply asks svn_path_is_canonical() of the string it reads,
> + returning an error if the test fails. */
> +static svn_error_t *
> +read_path(const char **result,
> + char **buf, const char *end,
> + apr_pool_t *pool)
> +{
> + SVN_ERR(read_str(result, buf, end, pool));
> + if (*result && **result && (! svn_path_is_canonical(*result, pool)))
> + return svn_error_createf(SVN_ERR_WC_CORRUPT, NULL,
> + _("Entry contains non-canonical path '%s'"),
Does the entries file allow real paths, or just dirent names? If we're
validating the field, should we also check for (and disallow) entries
containing path separators?
Regards,
Malcolm
- application/pgp-signature attachment: stored
Received on Thu Sep 6 16:55:14 2007