You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by cm...@apache.org on 2011/01/28 16:31:42 UTC
svn commit: r1064734 - in /subversion/trunk/subversion/mod_dav_svn: mirror.c
mod_dav_svn.c
Author: cmpilato
Date: Fri Jan 28 15:31:42 2011
New Revision: 1064734
URL: http://svn.apache.org/viewvc?rev=1064734&view=rev
Log:
Disallow attempts to proxy to the server root of a master server. It
really just doesn't pan out well when you do.
* subversion/mod_dav_svn/mod_dav_svn.c
(SVNMasterURI_cmd): Fail if the SVNMasterURI value points to a server root.
* subversion/mod_dav_svn/mirror.c
(dav_svn__location_in_filter, dav_svn__location_body_filter): Expect
that the master URI has a non-NULL path part.
Modified:
subversion/trunk/subversion/mod_dav_svn/mirror.c
subversion/trunk/subversion/mod_dav_svn/mod_dav_svn.c
Modified: subversion/trunk/subversion/mod_dav_svn/mirror.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/mod_dav_svn/mirror.c?rev=1064734&r1=1064733&r2=1064734&view=diff
==============================================================================
--- subversion/trunk/subversion/mod_dav_svn/mirror.c (original)
+++ subversion/trunk/subversion/mod_dav_svn/mirror.c Fri Jan 28 15:31:42 2011
@@ -149,10 +149,7 @@ apr_status_t dav_svn__location_in_filter
(that is, if our root path matches that of the master server). */
apr_uri_parse(r->pool, master_uri, &uri);
root_dir = dav_svn__get_root_dir(r);
- if (uri.path)
- canonicalized_uri = svn_urlpath__canonicalize(uri.path, r->pool);
- else
- canonicalized_uri = uri.path;
+ canonicalized_uri = svn_urlpath__canonicalize(uri.path, r->pool);
if (strcmp(canonicalized_uri, root_dir) == 0) {
ap_remove_input_filter(f);
return ap_get_brigade(f->next, bb, mode, block, readbytes);
@@ -271,10 +268,7 @@ apr_status_t dav_svn__location_body_filt
(that is, if our root path matches that of the master server). */
apr_uri_parse(r->pool, master_uri, &uri);
root_dir = dav_svn__get_root_dir(r);
- if (uri.path)
- canonicalized_uri = svn_urlpath__canonicalize(uri.path, r->pool);
- else
- canonicalized_uri = uri.path;
+ canonicalized_uri = svn_urlpath__canonicalize(uri.path, r->pool);
if (strcmp(canonicalized_uri, root_dir) == 0) {
ap_remove_output_filter(f);
return ap_pass_brigade(f->next, bb);
Modified: subversion/trunk/subversion/mod_dav_svn/mod_dav_svn.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/mod_dav_svn/mod_dav_svn.c?rev=1064734&r1=1064733&r2=1064734&view=diff
==============================================================================
--- subversion/trunk/subversion/mod_dav_svn/mod_dav_svn.c (original)
+++ subversion/trunk/subversion/mod_dav_svn/mod_dav_svn.c Fri Jan 28 15:31:42 2011
@@ -228,6 +228,8 @@ static const char *
SVNMasterURI_cmd(cmd_parms *cmd, void *config, const char *arg1)
{
dir_conf_t *conf = config;
+ apr_uri_t parsed_uri;
+ const char *uri_base_name = "";
/* SVNMasterURI requires mod_proxy and mod_proxy_http
* (r->handler = "proxy-server" in mirror.c), make sure
@@ -236,7 +238,15 @@ SVNMasterURI_cmd(cmd_parms *cmd, void *c
return "module mod_proxy not loaded, required for SVNMasterURI";
if (ap_find_linked_module("mod_proxy_http.c") == NULL)
return "module mod_proxy_http not loaded, required for SVNMasterURI";
-
+ if (APR_SUCCESS != apr_uri_parse(cmd->pool, arg1, &parsed_uri))
+ return "unable to parse SVNMasterURI value";
+ if (parsed_uri.path)
+ uri_base_name = svn_urlpath__basename(
+ svn_urlpath__canonicalize(parsed_uri.path, cmd->pool),
+ cmd->pool);
+ if (! *uri_base_name)
+ return "SVNMasterURI value must not be a server root";
+
conf->master_uri = apr_pstrdup(cmd->pool, arg1);
return NULL;