[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[Issue 1796] defective or malicious client can corrupt repository log messages

From: Neels Janosch Hofmeyr <neels_at_elego.de>
Date: Mon, 26 May 2008 02:04:31 +0200

http://subversion.tigris.org/servlets/ReadMsg?listName=dev&msgNo=139067

After having established that:

(1) libsvn_repos:
 (i) accepts inconsistent line ending styles in log messages and writes
them to the repos,
 (ii) accepts invalid UTF-8 octets in log messages and writes them to
the repos, and that

(2) the svn client
 (i) handles line ending styles in log messages well (converts or
complains, as appropriate)

I go on to show that the svn client
 (ii) handles invalid UTF-8 octets in log messages well (converts or
complains, as appropriate)

I ran:

$ vim -b msg
$ cat -A msg
log$
mM-^?g$
$
(the M-^? is actually a 0xff byte)

$ echo y >> x
$ svn ci -F msg
subversion/libsvn_client/commit.c:919: (apr_err=22)
svn: Commit failed (details follow):
subversion/svn/util.c:660: (apr_err=22)
svn: Error normalizing log message to internal format
subversion/libsvn_subr/utf.c:629: (apr_err=22)
svn: Valid UTF-8 data
(hex: 6c 6f 67 0a 6d)
followed by invalid UTF-8 sequence
(hex: ff 67 0a 0a)

$ svn ci -m "`cat msg`"
subversion/libsvn_client/commit.c:919: (apr_err=22)
svn: Commit failed (details follow):
subversion/svn/util.c:660: (apr_err=22)
svn: Error normalizing log message to internal format
subversion/libsvn_subr/utf.c:629: (apr_err=22)
svn: Valid UTF-8 data
(hex: 6c 6f 67 0a 6d)
followed by invalid UTF-8 sequence
(hex: ff 67)

$ svn ci
[vim opens, I change file encoding settings and enter a 0xff byte within
some text]
subversion/libsvn_client/commit.c:919: (apr_err=22)
svn: Commit failed (details follow):
subversion/svn/util.c:448: (apr_err=22)
svn: Error normalizing edited contents to internal format
subversion/libsvn_subr/utf.c:629: (apr_err=22)
svn: Valid UTF-8 data
(hex: 0a 6c 6f 67 0a 6d)
followed by invalid UTF-8 sequence
(hex: ff 67 0a 0a)
subversion/svn/util.c:581: (apr_err=22)
svn: Your commit message was left in a temporary file:
subversion/svn/util.c:581: (apr_err=22)
svn: '/arch/elego/svn/test/wc/r1796/svn-commit.tmp'

So, the svn client does try to convert the incoming log message to UTF-8
and complains if it can't.

This completes the picture where the client behaves perfectly, but the
server accepts anything it is given and writes it to the repository.

Thus, if someone used a forged client, they could "corrupt" the
repository, which may print unreadable logs due to unexpected character
sequences. The user's shell display might "crash" when trying to print
paranormal character sequences from another dimension. 

-- 
Neels Hofmeyr -- elego Software Solutions GmbH
Gustav-Meyer-Allee 25 / Gebäude 12, 13355 Berlin, Germany
phone: +49 30 23458696  mobile: +49 177 2345869  fax: +49 30 23458695
http://www.elegosoft.com | Geschäftsführer: Olaf Wagner | Sitz: Berlin
Handelsreg: Amtsgericht Charlottenburg HRB 77719 | USt-IdNr: DE163214194

Received on 2008-05-26 02:05:06 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.