You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by da...@apache.org on 2011/07/21 22:27:06 UTC
svn commit: r1149343 - in /subversion/trunk/subversion:
libsvn_fs/fs-loader.c libsvn_fs_base/lock.c libsvn_fs_fs/lock.c
libsvn_repos/hooks.c tests/cmdline/lock_tests.py
Author: danielsh
Date: Thu Jul 21 20:27:05 2011
New Revision: 1149343
URL: http://svn.apache.org/viewvc?rev=1149343&view=rev
Log:
Follow-up to r1146528: move lock token validation to the FS layer.
Patch by: ivan
me
* subversion/libsvn_fs/fs-loader.c
(apr_uri.h): Include.
(svn_fs_lock): Validate the token to be an XML-safe URI, in the
'opaquelocktoken:' scheme. That has already been documented in
svn_fs.h. (In particular, this validation implies a subset of ASCII.)
* subversion/tests/cmdline/lock_tests.py
(): Mark as UTF-8 for Python.
(lock_invalid_token): New test.
(test_list): Run it.
* subversion/libsvn_repos/hooks.c
(svn_repos__hooks_pre_lock):
Remove token validation, reverting r1146528.
Modified:
subversion/trunk/subversion/libsvn_fs/fs-loader.c
subversion/trunk/subversion/libsvn_fs_base/lock.c
subversion/trunk/subversion/libsvn_fs_fs/lock.c
subversion/trunk/subversion/libsvn_repos/hooks.c
subversion/trunk/subversion/tests/cmdline/lock_tests.py
Modified: subversion/trunk/subversion/libsvn_fs/fs-loader.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_fs/fs-loader.c?rev=1149343&r1=1149342&r2=1149343&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_fs/fs-loader.c (original)
+++ subversion/trunk/subversion/libsvn_fs/fs-loader.c Thu Jul 21 20:27:05 2011
@@ -28,6 +28,7 @@
#include <apr_md5.h>
#include <apr_thread_mutex.h>
#include <apr_uuid.h>
+#include <apr_uri.h>
#include "svn_types.h"
#include "svn_dso.h"
@@ -1305,6 +1306,31 @@ svn_fs_lock(svn_lock_t **lock, svn_fs_t
_("Lock comment contains illegal characters"));
}
+ /* Enforce that the token be an XML-safe URI. */
+ if (token)
+ {
+ apr_uri_t uri;
+ apr_status_t status;
+
+ status = apr_uri_parse(pool, token, &uri);
+ if (status)
+ return svn_error_createf(SVN_ERR_FS_BAD_LOCK_TOKEN,
+ svn_error_wrap_apr(status, NULL),
+ _("Can't parse token '%s' as a URI"),
+ token);
+
+ if (uri.scheme == NULL || strcmp(uri.scheme, "opaquelocktoken"))
+ return svn_error_createf(SVN_ERR_FS_BAD_LOCK_TOKEN, NULL,
+ _("Lock token URI '%s' has bad scheme; "
+ "expected '%s'"),
+ token, "opaquelocktoken");
+
+ if (! svn_xml_is_xml_safe(token, strlen(token)))
+ return svn_error_create(
+ SVN_ERR_FS_BAD_LOCK_TOKEN, NULL,
+ _("Lock token URI is not XML-safe"));
+ }
+
if (expiration_date < 0)
return svn_error_create
(SVN_ERR_INCORRECT_PARAMS, NULL,
Modified: subversion/trunk/subversion/libsvn_fs_base/lock.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_fs_base/lock.c?rev=1149343&r1=1149342&r2=1149343&view=diff
==============================================================================
(empty)
Modified: subversion/trunk/subversion/libsvn_fs_fs/lock.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_fs_fs/lock.c?rev=1149343&r1=1149342&r2=1149343&view=diff
==============================================================================
(empty)
Modified: subversion/trunk/subversion/libsvn_repos/hooks.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_repos/hooks.c?rev=1149343&r1=1149342&r2=1149343&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_repos/hooks.c (original)
+++ subversion/trunk/subversion/libsvn_repos/hooks.c Thu Jul 21 20:27:05 2011
@@ -618,18 +618,9 @@ svn_repos__hooks_pre_lock(svn_repos_t *r
pool));
if (token)
- {
- svn_error_t *err;
- /* Convert hook output from native encoding to UTF-8. */
- err = svn_utf_cstring_to_utf8(token, buf->data, pool);
- if (err)
- {
- return svn_error_create(SVN_ERR_REPOS_HOOK_FAILURE, err,
- _("Output of pre-lock hook could not be "
- "translated from the native locale to "
- "UTF-8."));
- }
- }
+ /* No validation here; the FS will take care of that. */
+ *token = buf->data;
+
}
else if (token)
*token = "";
Modified: subversion/trunk/subversion/tests/cmdline/lock_tests.py
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/tests/cmdline/lock_tests.py?rev=1149343&r1=1149342&r2=1149343&view=diff
==============================================================================
--- subversion/trunk/subversion/tests/cmdline/lock_tests.py (original)
+++ subversion/trunk/subversion/tests/cmdline/lock_tests.py Thu Jul 21 20:27:05 2011
@@ -1,4 +1,5 @@
#!/usr/bin/env python
+# encoding=utf-8
#
# lock_tests.py: testing versioned properties
#
@@ -1720,6 +1721,26 @@ def block_unlock_if_pre_unlock_hook_fail
1, 'unlock', pi_path)
svntest.actions.run_and_verify_status(wc_dir, expected_status)
+#----------------------------------------------------------------------
+def lock_invalid_token(sbox):
+ "verify pre-lock hook returning invalid token"
+
+ sbox.build()
+
+ hook_path = os.path.join(sbox.repo_dir, 'hooks', 'pre-lock')
+ svntest.main.create_python_hook_script(hook_path,
+ '# encoding=utf-8\n'
+ 'import sys\n'
+ 'sys.stdout.write("ÑеÑÑ")\n'
+ 'sys.exit(0)\n')
+
+ fname = 'iota'
+ file_path = os.path.join(sbox.wc_dir, fname)
+
+ svntest.actions.run_and_verify_svn(None, None,
+ "svn: E160037: .*scheme.*'opaquelocktoken'",
+ 'lock', '-m', '', file_path)
+
########################################################################
# Run the tests
@@ -1768,6 +1789,7 @@ test_list = [ None,
cp_isnt_ro,
update_locked_deleted,
block_unlock_if_pre_unlock_hook_fails,
+ lock_invalid_token,
]
if __name__ == '__main__':