You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@subversion.apache.org by st...@apache.org on 2013/10/19 21:54:25 UTC

svn commit: r1533812 - /subversion/trunk/subversion/libsvn_ra_svn/client.c

Author: stefan2
Date: Sat Oct 19 19:54:24 2013
New Revision: 1533812

URL: http://svn.apache.org/r1533812
Log:
Add paranoia check on the ra_svn receiver side.

* subversion/libsvn_ra_svn/client.c
  (ra_svn_get_dir): return an error when dirent names contain path separators

Modified:
    subversion/trunk/subversion/libsvn_ra_svn/client.c

Modified: subversion/trunk/subversion/libsvn_ra_svn/client.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_ra_svn/client.c?rev=1533812&r1=1533811&r2=1533812&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_ra_svn/client.c (original)
+++ subversion/trunk/subversion/libsvn_ra_svn/client.c Sat Oct 19 19:54:24 2013
@@ -1341,6 +1341,13 @@ static svn_error_t *ra_svn_get_dir(svn_r
                                       &name, &kind, &size, &has_props,
                                       &crev, &cdate, &cauthor));
 
+      /* Nothing to sanitize here.  Any multi-segment path is simply
+         illegal in the hash returned by svn_ra_get_dir2. */
+      if (strchr(name, '/'))
+        return svn_error_createf(SVN_ERR_RA_SVN_MALFORMED_DATA, NULL,
+                                 _("Invalid directory entry name '%s'"),
+                                 name);
+
       dirent = svn_dirent_create(pool);
       dirent->kind = svn_node_kind_from_word(kind);
       dirent->size = size;/* FIXME: svn_filesize_t */