
Re: [PATCH] issue 1796: defective or malicious client can corrupt repository log messages

From: Neels Janosch Hofmeyr <neels_at_elego.de>
Date: Thu, 05 Jun 2008 03:33:32 +0200

Here is an improved version 2 of the fix for potato 1796.

Fix issue #1796: defective or malicious client can corrupt repository
log messages.
Also adding regression test for issue 1796.

* subversion/include/private/svn_utf_private.h: Add this private header.
  (svn_utf__is_valid): Move the function declaration here from
    libsvn_subr/utf_impl.h, because it is needed in libsvn_repos.

* subversion/libsvn_subr/utf_impl.h: Include private/svn_utf_private.h.
  (svn_utf__is_valid): Move declaration away to svn_utf_private.h
    because this function is needed in libsvn_repos.
  (svn_utf__last_valid): Add comment to also see svn_utf__is_valid.

* subversion/libsvn_repos/fs-wrap.c (validate_prop): Add two validations
    for SVN_PROP_REVISION_LOG's value. Validate UTF-8 encoding using
    svn_utf__is_valid, and validate consistent LF eol style by looking
    for and rejecting CR (\r) characters.

* subversion/include/svn_repos.h (svn_repos_fs_change_node_prop):
    Change comment to describe the new property validation introduced
    in libsvn_repos/fs-wrap.c (validate_prop).

* subversion/tests/libsvn_repos/repos-test.c
  (prop_validation): Add this regression test for issue 1796, which
    tries to commit two invalid log messages concerning UTF-8 and LF.
  (prop_validation_commit_with_revprop): Add this helper function for
    prop_validation, which runs a commit with a given revprop.
  (commit_callback_dummy): Add this svn_commit_callback2_t function to
    use it in prop_validation_commit_with_revprop. It does nothing.

Patch by: neels
Review by: danielsh

Neels Hofmeyr -- elego Software Solutions GmbH
Gustav-Meyer-Allee 25 / Gebäude 12, 13355 Berlin, Germany
phone: +49 30 23458696  mobile: +49 177 2345869  fax: +49 30 23458695
http://www.elegosoft.com | Geschäftsführer: Olaf Wagner | Sitz: Berlin
Handelsreg: Amtsgericht Charlottenburg HRB 77719 | USt-IdNr: DE163214194

Received on 2008-06-05 03:35:58 CEST
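
An added example, not code from the patch or from Subversion: the two server-side checks the log message above describes for the SVN_PROP_REVISION_LOG value (valid UTF-8, no CR characters), written in C. The validator is written for this example and stands in for svn_utf__is_valid; `is_valid_utf8`, `check_log_message` and the `LOG_*` codes are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example (not Subversion's). */
enum log_check { LOG_OK = 0, LOG_BAD_UTF8, LOG_HAS_CR };

/* Strict UTF-8 check over len bytes: rejects stray continuation bytes,
   truncated sequences, overlong forms, surrogates and code points
   above U+10FFFF. Example validator, not svn_utf__is_valid. */
static int is_valid_utf8(const unsigned char *p, size_t len)
{
  size_t i = 0, k, n;                 /* n = continuation bytes expected */
  while (i < len) {
    unsigned long cp, min;            /* code point, smallest legal value */
    unsigned char c = p[i];
    if (c < 0x80) { i++; continue; }  /* plain ASCII */
    else if ((c & 0xE0) == 0xC0) { n = 1; cp = c & 0x1F; min = 0x80; }
    else if ((c & 0xF0) == 0xE0) { n = 2; cp = c & 0x0F; min = 0x800; }
    else if ((c & 0xF8) == 0xF0) { n = 3; cp = c & 0x07; min = 0x10000; }
    else return 0;                    /* 0x80-0xBF or 0xF8-0xFF as lead */
    if (len - i <= n) return 0;       /* sequence runs past the buffer */
    for (k = 1; k <= n; k++) {
      if ((p[i + k] & 0xC0) != 0x80) return 0;
      cp = (cp << 6) | (p[i + k] & 0x3F);
    }
    if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
      return 0;
    i += n + 1;
  }
  return 1;
}

/* Check a log message value on the server before it is stored:
   encoding first, then any CR byte (the stored form uses LF only). */
enum log_check check_log_message(const char *data, size_t len)
{
  if (!is_valid_utf8((const unsigned char *)data, len)) return LOG_BAD_UTF8;
  return memchr(data, '\r', len) ? LOG_HAS_CR : LOG_OK;
}

int main(void)
{
  /* Constructed sample log messages. */
  const char *samples[] = { "Fix typo\nSecond line", "bad \xC3\x28", "one\r\ntwo" };
  for (size_t i = 0; i < 3; i++)
    printf("sample %zu -> %d\n", i, check_log_message(samples[i], strlen(samples[i])));
  return 0;
}
```
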

This is an archived mail posted to the Subversion Dev mailing list.
