Malcolm Rowe wrote:
> On Thu, Sep 06, 2007 at 07:22:06AM -0700, cmpilato@tigris.org wrote:
>> For issue #2780: Teach the entries-file reading code to check for
>> canonicalization of paths found in the entries files.
>>
>> +/* This is wrapper around read_str() (which see for details); it
>> + simply asks svn_path_is_canonical() of the string it reads,
>> + returning an error if the test fails. */
>> +static svn_error_t *
>> +read_path(const char **result,
>> + char **buf, const char *end,
>> + apr_pool_t *pool)
>> +{
>> + SVN_ERR(read_str(result, buf, end, pool));
>> + if (*result && **result && (! svn_path_is_canonical(*result, pool)))
>> + return svn_error_createf(SVN_ERR_WC_CORRUPT, NULL,
>> + _("Entry contains non-canonical path '%s'"),
>
> Does the entries file allow real paths, or just dirent names? If we're
> validating the field, should we also check for (and disallow) entries
> containing path separators?
The entries file only allows single path components, so there's definitely
room to expand and improve this check. My immediate goal was simply to
prevent is_canonical() aborts, though.
--
C. Michael Pilato <cmpilato@collab.net>
CollabNet <> www.collab.net <> Distributed Development On Demand
Received on Thu Sep 6 19:26:37 2007