[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

problem with AUTHZ_SVN_RECURSIVE in mod_authz_svn.c

From: Bernd Rinn <bernd_at_sdf.lonestar.org>
Date: 2005-07-22 21:57:50 CEST

I think that I have found a bug in mod_authz_svn.c of svn 1.2.1 with
respect to operations that require AUTHZ_SVN_RECURSIVE access.

Consider a repository 'testcase' that has a directory structure


and an AuthzSVNAccessFile containing the entries:

* = rw

* =

It is understood that this won't work:

$ svn cp -m "this should fail" http://svn/repos/testcase/dir2

However, this should work in my opinion but as a matter of fact it fails:

$ svn cp -m "this should work but it fails"
http://svn/repos/testcase/dir http://svn/repos/testcase/dir3

Obviously mod_authz_svn thinks that the rule for testcase:/dir2/secret
applies to testcase:/dir and consequently denies recursive access to
The problem are the strncmp checks in parse_authz_section:

   if (strncmp(section_name, b->qualified_repos_path,
      && strncmp(section_name, b->repos_path,
                 strlen(b->repos_path))) {
      /* No match, move on to the next section. */
      return TRUE;

These checks determine whether a section matches the repos_path or not
and should also check if the directory in the section_name is perpended
by a path delimiter at position strlen(b->qualified_repos_path) or

I have prepared and attached a patch that solves the problem. Please
note that this patch is just a proof-of-concept patch since it will work
only on Unix/Linux, but not on Windows (because it has the file
separator hard coded).


To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Received on Sat Jul 23 00:44:27 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.