Bringing it here as it's an incompatible change. If no objections I'll
commit it for 1.8.
[[[
Path-based authz: error out on non-canonical fspaths in the input. (We
already canonicalize fspaths passed to the API for access testing.)
This is an incompatible change: some previously-accepted authz files
will now cause visible errors. However, before this change the semantics
of such authz files might have been different from what a casual gloss
over them would have suggested.
Found by: Malte Schirmacher
(thana on IRC)
* subversion/libsvn_repos/authz.c
(authz_validate_section): Validate the fspath part of the section name.
* subversion/tests/libsvn_repos/repos-test.c
(authz): Add a basic regression test for this.
]]]
[[[
Index: subversion/tests/libsvn_repos/repos-test.c
===================================================================
--- subversion/tests/libsvn_repos/repos-test.c (revision 1162754)
+++ subversion/tests/libsvn_repos/repos-test.c (working copy)
@@ -1314,6 +1314,14 @@ authz(apr_pool_t *pool)
"Regression: incomplete ancestry test "
"for recursive access lookup.");
+ /* The authz rules for the phase 4 tests */
+ contents =
+ "[greek:/dir2//secret]" NL
+ "* =" NL;
+ err = authz_get_handle(&authz_cfg, contents, subpool);
+ SVN_TEST_ASSERT_ERROR(err, SVN_ERR_AUTHZ_INVALID_CONFIG);
+ svn_error_clear(err);
+
/* That's a wrap! */
svn_pool_destroy(subpool);
return SVN_NO_ERROR;
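Review bot: the added test covers only one non-canonical form, a doubled slash in a section that carries a repository prefix ("[greek:/dir2//secret]"), and the comment "The authz rules for the phase 4 tests" does not say what is being checked. Consider adding a section without the REPOS_NAME prefix, since authz_validate_section takes a different branch for it (fspath = name), and rewording the comment to state that a non-canonical fspath in a section name must produce SVN_ERR_AUTHZ_INVALID_CONFIG.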
Index: subversion/libsvn_repos/authz.c
===================================================================
--- subversion/libsvn_repos/authz.c (revision 1162754)
+++ subversion/libsvn_repos/authz.c (working copy)
@@ -723,8 +724,25 @@ static svn_boolean_t authz_validate_section(const
svn_config_enumerate2(b->config, name, authz_validate_alias,
baton, pool);
else
- svn_config_enumerate2(b->config, name, authz_validate_rule,
- baton, pool);
+ {
+ /* Validate the section's name. Skip the optional REPOS_NAME. */
+ const char *fspath = strchr(name, ':');
+ if (fspath)
+ fspath++;
+ else
+ fspath = name;
+ if (! svn_fspath__is_canonical(fspath))
+ {
+ b->err = svn_error_createf(SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
+ "Section name '%s' contains non-canonical "
+ "fspath '%s'",
+ name, fspath);
+ return FALSE;
+ }
+
+ svn_config_enumerate2(b->config, name, authz_validate_rule,
+ baton, pool);
+ }
if (b->err)
return FALSE;
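Review bot: strchr(name, ':') in the new else block splits at the first colon anywhere in the section name, so a section that has no repository prefix but has a colon inside its path is validated on the text after that colon rather than on the whole path. Consider treating the colon as the REPOS_NAME separator only when name does not start with '/'. The message passed to svn_error_createf is also a bare string literal; wrap it in _() if error strings in this file are marked for translation.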
]]]
Received on 2011-08-30 13:19:55 CEST