problem with AUTHZ_SVN_RECURSIVE in mod_authz_svn.c

I think that I have found a bug in mod_authz_svn.c of svn 1.2.1 with
respect to operations that require AUTHZ_SVN_RECURSIVE access.

Consider a repository 'testcase' that has a directory structure

/dir
  /dir/foo
/dir2
  /dir2/secret

and an AuthzSVNAccessFile containing the entries:

[/]
* = rw

[testcase:/dir2/secret]
* =

It is understood that this won't work:

$ svn cp -m "this should fail" http://svn/repos/testcase/dir2
http://svn/repos/testcase/dir3

However, this should work in my opinion but as a matter of fact it fails:

$ svn cp -m "this should work but it fails"
http://svn/repos/testcase/dir http://svn/repos/testcase/dir3

Obviously mod_authz_svn thinks that the rule for testcase:/dir2/secret
applies to testcase:/dir and consequently denies recursive access to
testcase:/dir.
The problem are the strncmp checks in parse_authz_section:

   if (strncmp(section_name, b->qualified_repos_path,
              strlen(b->qualified_repos_path))
      && strncmp(section_name, b->repos_path,
                 strlen(b->repos_path))) {
      /* No match, move on to the next section. */
      return TRUE;
  }

These checks determine whether a section matches the repos_path or not
and should also check if the directory in the section_name is perpended
by a path delimiter at position strlen(b->qualified_repos_path) or
strlen(b->repos_path).

I have prepared and attached a patch that solves the problem. Please
note that this patch is just a proof-of-concept patch since it will work
only on Unix/Linux, but not on Windows (because it has the file
separator hard coded).

Regards,
Bernd

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org