On Wed, Aug 7, 2013 at 1:03 PM, Roderich Schupp
> Err... the cache apr_hash_t by construction cannot contain keys (i.e.paths)
> that are not in the authz file also, so is bounded by the size of the
> corresponding svn_config_t. In fact, one could precompute the maximal
> cache on the first call to svn_repos_authz_check_access() by
> iterating over all paths in svn_config_t.
Yes that's true. I know there are people out there with very large
authz files though. Your cache isn't going to use much extra memory
for most connections. But an attacker can deliberately use more. I
agree in many if not most cases that still won't be an issue, but it's
an issue that at a minimum we have to point out to our admins.
> I see your point. "Clearing the cache" here means a single svn_clear_pool()
It's more than that. In the worst case scenario where the users
change for every request then you're doing the work to build a cache
that's torn down without ever being used.
Received on 2013-08-07 23:08:40 CEST