On Thu, Aug 8, 2013 at 1:08 AM, Ben Reser <ben_at_reser.org> wrote:
> On Wed, Aug 7, 2013 at 1:03 PM, Roderich Schupp
> <roderich.schupp_at_gmail.com> wrote:
>> Err... the cache apr_hash_t by construction cannot contain keys (i.e. paths)
>> that are not in the authz file also, so is bounded by the size of the
>> corresponding svn_config_t. In fact, one could precompute the maximal
>> cache on the first call to svn_repos_authz_check_access() by
>> iterating over all paths in svn_config_t.
>
> Yes that's true. I know there are people out there with very large
> authz files though. Your cache isn't going to use much extra memory
> for most connections. But an attacker can deliberately use more. I
> agree in many if not most cases that still won't be an issue, but it's
> an issue that at a minimum we have to point out to our admins.
>
I don't see a problem here: in the worst scenario the cache size would be
the same as the authorization file. So even for large authorization files
memory usage will be limited.
Other approaches are:
1. Use an svn_cache__t object to store cached values.
2. Factor out the configuration file parser and store authorization
settings in our own hash table with interesting cached values.
--
Ivan Zhakov
CTO | VisualSVN | http://www.visualsvn.com
Received on 2013-08-08 14:42:24 CEST