Neels Janosch Hofmeyr <neels_at_elego.de> writes:
> Say that an invalid log message has been written to the repository. If,
> then, the normal (unforged) svn client is invoked with, e.g., `svn log
> <file>', the invalid log message is read from the repository and passed
> to the client, which does no normalising or checking whatsoever and
> prints the invalid characters to the screen directly.
>
> (I repeat, this happens when using the normal svn client without any
> malicious modifications. I only forged the part where the user gives a
> message.)
Okay. It would have helped if, in the mail where you were pointing out
this bug, your transcript actually showed this happening :-).
> To confirm this, look in the same test logs that prove the point that
> the server accepts invalid log messages. You can see that `svn log'
> produces those same invalid characters.
What logs are you referring to?
Actually, a great time saver would be if you could set up a repository
on the public Internet somewhere, with revisions that have invalid data
of various kinds. Then everyone else could access it with their normal
clients.
I had thought 'svn log' *does* protect against this...
> So, right now, there is only *one* place where props get
> normalised/checked for consistence:
> - where the svn client receives a log message from the user
Agreed.
> The places, where checking the props is, supposedly, missing, are:
> - where the server receives props from a client out there.
Agreed.
> - where the server reads props from the repository file system.
Agreed.
> - where the svn client reads props from a server out there.
Agreed, but I thought we already did this.
> The place where I don't know yet what happens is:
> - where the client receives any svn:prop other than a commit log from
> the user.
Well, not all "svn:" props are guaranteed to be UTF-8; each prop may
have its own normalization rules. I agree that whatever those rules
are, we should enforce them.
> I'd just like to ask: is it considered a lot of overhead to check all
> svn:props for utf8 and proper LF in all of the places discussed? If both
> the client and server check all the time, then each prop is checked at
> least twice for a given operation.
Each "svn:" property value should be checked for its particular kind of
validity at all relevant points. The important thing is not the number
of checks; the important thing is *where* the checks happen. I think
you have identified the places where the checks need to happen.
-Karl
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-05-26 23:28:32 CEST