
Re: [Issue 1796] defective or malicious client can corrupt repository log messages

From: Neels Janosch Hofmeyr <neels_at_elego.de>
Date: Mon, 26 May 2008 02:36:52 +0200

Ben Collins-Sussman wrote:
> On Sun, May 25, 2008 at 7:04 PM, Neels Janosch Hofmeyr <neels_at_elego.de> wrote:
>
>
>> (1) libsvn_repos:
>> (i) accepts inconsistent line ending styles in log messages and writes
>> them to the repos,
>> (ii) accepts invalid UTF-8 octets in log messages and writes them to
>> the repos, and that
>>
>
> Is this really true? My memory tells me that we were doing *server*
> side enforcement of log-message content, not client side.
>
If you can reproduce the tests as listed in the mails

http://subversion.tigris.org/servlets/ReadMsg?listName=dev&msgNo=139045
http://subversion.tigris.org/servlets/ReadMsg?listName=dev&msgNo=139067
http://subversion.tigris.org/servlets/ReadMsg?listName=dev&msgNo=139102

, then your memory has it the wrong way around. The server does no
enforcement of log message content whatsoever, as is probably true for
all props, concerning UTF-8 encoding and LF line feeds. This is what my
findings suggest.

I am busy on a patch to improve on that...

-- 
Neels Hofmeyr -- elego Software Solutions GmbH
Gustav-Meyer-Allee 25 / Gebäude 12, 13355 Berlin, Germany
phone: +49 30 23458696  mobile: +49 177 2345869  fax: +49 30 23458695
http://www.elegosoft.com | Geschäftsführer: Olaf Wagner | Sitz: Berlin
Handelsreg: Amtsgericht Charlottenburg HRB 77719 | USt-IdNr: DE163214194

Received on 2008-05-26 02:37:37 CEST
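
The kind of server-side check this message says is missing, sketched as an added example; it is not part of the original mail and is not Subversion's code. The names `check_log_message` and `utf8_seq_len` are hypothetical, and treating LF-only as the required line-ending form is an assumption based on the mail's mention of LF line feeds.

```c
#include <stddef.h>
#include <stdio.h>

enum log_check { LOG_OK, LOG_BAD_UTF8, LOG_BAD_EOL };

/* Length of the well-formed UTF-8 sequence at p (n bytes available), or 0
   if malformed: rejects overlong forms, surrogates and > U+10FFFF. */
static size_t utf8_seq_len(const unsigned char *p, size_t n)
{
    unsigned char c = p[0];
    unsigned lo = 0x80, hi = 0xBF;      /* allowed range of second byte */
    size_t len, i;
    if (c < 0x80) return 1;
    if (c >= 0xC2 && c <= 0xDF) len = 2;
    else if (c >= 0xE0 && c <= 0xEF) {
        len = 3;
        if (c == 0xE0) lo = 0xA0;       /* overlong 3-byte form */
        if (c == 0xED) hi = 0x9F;       /* UTF-16 surrogates */
    } else if (c >= 0xF0 && c <= 0xF4) {
        len = 4;
        if (c == 0xF0) lo = 0x90;       /* overlong 4-byte form */
        if (c == 0xF4) hi = 0x8F;       /* above U+10FFFF */
    } else return 0;                    /* stray continuation, C0/C1, F5..FF */

    if (len > n || p[1] < lo || p[1] > hi) return 0;
    for (i = 2; i < len; i++)
        if (p[i] < 0x80 || p[i] > 0xBF) return 0;
    return len;
}

/* Hypothetical server-side check: valid UTF-8 and LF-only line endings. */
enum log_check check_log_message(const char *msg, size_t n)
{
    const unsigned char *p = (const unsigned char *)msg;
    size_t i = 0, step;
    while (i < n) {
        if (p[i] == '\r') return LOG_BAD_EOL;          /* CR or CRLF */
        if ((step = utf8_seq_len(p + i, n - i)) == 0) return LOG_BAD_UTF8;
        i += step;
    }
    return LOG_OK;
}

int main(void)
{
    /* Constructed sample: CRLF line ending in an otherwise valid message. */
    printf("%d\n", check_log_message("fix typo\r\nmore\n", 15));
    return 0;
}
```

Running such a check where the repository layer accepts the property, rather than in the client, is what keeps a defective client from writing malformed log messages.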

This is an archived mail posted to the Subversion Dev mailing list.