This fix should probably be made on trunk, yes?
-Hyrum
On Mon, Aug 9, 2010 at 1:27 PM, <stefan2_at_apache.org> wrote:
> Author: stefan2
> Date: Mon Aug 9 18:27:49 2010
> New Revision: 983764
>
> URL: http://svn.apache.org/viewvc?rev=983764&view=rev
> Log:
> Fix an obvious typo in the path validation code that is also present at /trunk.
> It produces false negatives, i.e. certain malformed URIs won't be detected.
>
> * subversion/libsvn_subr/dirent_uri.c
> (svn_uri_is_canonical): actually compare the chars following '%' instead
> of comparing '%'+1 and '%'+2.
>
> Modified:
> subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c
>
> Modified: subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c
> URL: http://svn.apache.org/viewvc/subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c?rev=983764&r1=983763&r2=983764&view=diff
> ==============================================================================
> --- subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c (original)
> +++ subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c Mon Aug 9 18:27:49 2010
> @@ -1901,11 +1901,11 @@ svn_uri_is_canonical(const char *uri, ap
>
> /* Can't use apr_isxdigit() because lower case letters are
> not in our canonical format */
> - if (((*(ptr+1) < '0' || (*ptr+1) > '9'))
> - && (*(ptr+1) < 'A' || (*ptr+1) > 'F'))
> + if (((*(ptr+1) < '0' || *(ptr+1) > '9'))
> + && (*(ptr+1) < 'A' || *(ptr+1) > 'F'))
> return FALSE;
> - else if (((*(ptr+2) < '0' || (*ptr+2) > '9'))
> - && (*(ptr+2) < 'A' || (*ptr+2) > 'F'))
> + else if (((*(ptr+2) < '0' || *(ptr+2) > '9'))
> + && (*(ptr+2) < 'A' || *(ptr+2) > 'F'))
> return FALSE;
>
> digitz[0] = *(++ptr);
>
>
>
Received on 2010-08-09 20:39:04 CEST