You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Daniel Shahaf <d....@daniel.shahaf.name> on 2010/08/09 18:38:49 UTC

Re: svn commit: r983764 - /subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c

+1 to merge this to trunk.

(Please specify "Approved by: danielsh" when doing so, since your commit
access does not currently include /trunk.  Thanks.)

stefan2@apache.org wrote on Mon, Aug 09, 2010 at 18:27:49 -0000:
> Author: stefan2
> Date: Mon Aug  9 18:27:49 2010
> New Revision: 983764
> 
> URL: http://svn.apache.org/viewvc?rev=983764&view=rev
> Log:
> Fix an obvious typo in the path validation code that is also present at /trunk.
> It produces false negatives, i.e. certain malformed URIs won't be detected.
> 
> * subversion/libsvn_subr/dirent_uri.c
>   (svn_uri_is_canonical): actually compare the chars following '%' instead
>    of comparing '%'+1 and '%'+2.
> 
> Modified:
>     subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c
> 
> Modified: subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c
> URL: http://svn.apache.org/viewvc/subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c?rev=983764&r1=983763&r2=983764&view=diff
> ==============================================================================
> --- subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c (original)
> +++ subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c Mon Aug  9 18:27:49 2010
> @@ -1901,11 +1901,11 @@ svn_uri_is_canonical(const char *uri, ap
>  
>                /* Can't use apr_isxdigit() because lower case letters are
>                   not in our canonical format */
> -              if (((*(ptr+1) < '0' || (*ptr+1) > '9')) 
> -                  && (*(ptr+1) < 'A' || (*ptr+1) > 'F'))
> +              if (((*(ptr+1) < '0' || *(ptr+1) > '9')) 
> +                  && (*(ptr+1) < 'A' || *(ptr+1) > 'F'))
>                  return FALSE;
> -              else if (((*(ptr+2) < '0' || (*ptr+2) > '9')) 
> -                  && (*(ptr+2) < 'A' || (*ptr+2) > 'F'))
> +              else if (((*(ptr+2) < '0' || *(ptr+2) > '9')) 
> +                  && (*(ptr+2) < 'A' || *(ptr+2) > 'F'))
>                  return FALSE;
>  
>                digitz[0] = *(++ptr);
> 
>

Re: svn commit: r983764 - /subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c

Posted by Stefan Fuhrmann <st...@alice-dsl.de>.

Daniel Shahaf wrote:
> +1 to merge this to trunk.
>
> (Please specify "Approved by: danielsh" when doing so, since your commit
> access does not currently include /trunk.  Thanks.)
>   
Done in r984926.

-- Stefan^2.
> stefan2@apache.org wrote on Mon, Aug 09, 2010 at 18:27:49 -0000:
>   
>> Author: stefan2
>> Date: Mon Aug  9 18:27:49 2010
>> New Revision: 983764
>>
>> URL: http://svn.apache.org/viewvc?rev=983764&view=rev
>> Log:
>> Fix an obvious typo in the path validation code that is also present at /trunk.
>> It produces false negatives, i.e. certain malformed URIs won't be detected.
>>
>> * subversion/libsvn_subr/dirent_uri.c
>>   (svn_uri_is_canonical): actually compare the chars following '%' instead
>>    of comparing '%'+1 and '%'+2.
>>
>> Modified:
>>     subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c
>>
>> Modified: subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c
>> URL: http://svn.apache.org/viewvc/subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c?rev=983764&r1=983763&r2=983764&view=diff
>> ==============================================================================
>> --- subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c (original)
>> +++ subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c Mon Aug  9 18:27:49 2010
>> @@ -1901,11 +1901,11 @@ svn_uri_is_canonical(const char *uri, ap
>>  
>>                /* Can't use apr_isxdigit() because lower case letters are
>>                   not in our canonical format */
>> -              if (((*(ptr+1) < '0' || (*ptr+1) > '9')) 
>> -                  && (*(ptr+1) < 'A' || (*ptr+1) > 'F'))
>> +              if (((*(ptr+1) < '0' || *(ptr+1) > '9')) 
>> +                  && (*(ptr+1) < 'A' || *(ptr+1) > 'F'))
>>                  return FALSE;
>> -              else if (((*(ptr+2) < '0' || (*ptr+2) > '9')) 
>> -                  && (*(ptr+2) < 'A' || (*ptr+2) > 'F'))
>> +              else if (((*(ptr+2) < '0' || *(ptr+2) > '9')) 
>> +                  && (*(ptr+2) < 'A' || *(ptr+2) > 'F'))
>>                  return FALSE;
>>  
>>                digitz[0] = *(++ptr);
>>
>>
>>     
>
>