> -----Original Message-----
> From: stsp_at_apache.org [mailto:stsp_at_apache.org]
> Sent: donderdag 28 juni 2012 11:17
> To: commits_at_subversion.apache.org
> Subject: svn commit: r1354876 -
> /subversion/trunk/subversion/libsvn_subr/dirent_uri.c
>
> Author: stsp
> Date: Thu Jun 28 09:16:41 2012
> New Revision: 1354876
>
> URL: http://svn.apache.org/viewvc?rev=1354876&view=rev
> Log:
> * subversion/libsvn_subr/dirent_uri.c
> (svn_dirent_get_absolute): If the provided input is already absolute, just
> return a copy of the input instead of asking APR to figure out the absolute
> path. This should allow Subversion to run within a directory which has been
> removed, as long the user passes absolute paths.
> See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678845
>
> Modified:
> subversion/trunk/subversion/libsvn_subr/dirent_uri.c
>
> Modified: subversion/trunk/subversion/libsvn_subr/dirent_uri.c
> URL:
> http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/dir
> ent_uri.c?rev=1354876&r1=1354875&r2=1354876&view=diff
> ==========================================================
> ====================
> --- subversion/trunk/subversion/libsvn_subr/dirent_uri.c (original)
> +++ subversion/trunk/subversion/libsvn_subr/dirent_uri.c Thu Jun 28
> 09:16:41 2012
> @@ -1554,6 +1554,13 @@ svn_dirent_get_absolute(const char **pab
>
> SVN_ERR_ASSERT(! svn_path_is_url(relative));
>
> + /* If the input is already absolute, just copy it to the result pool. */
> + if (svn_dirent_is_absolute(relative))
> + {
> + *pabsolute = apr_pstrdup(pool, relative);
> + return SVN_NO_ERROR;
> + }
svn_dirent_is_absolute("/my/subdir/with/../../..") returns TRUE, so this patch breaks all scenarios that assume that making the path absolute makes it canonical. (Which we do *everywhere* in libsvn_wc)
For unix every path that starts with a "/" would return TRUE.
This check would be safe if the svn_dirent_is_absolute() function would also check that the part after the root (which might be something like "A:/" on Windows) was a valid relpath, but that would make it much more expensive for the cases where it is used now.
Bert
Received on 2012-06-28 12:06:22 CEST