This fix should probably be made on trunk, yes? -Hyrum
On Mon, Aug 9, 2010 at 1:27 PM, <stef...@apache.org> wrote: > Author: stefan2 > Date: Mon Aug 9 18:27:49 2010 > New Revision: 983764 > > URL: http://svn.apache.org/viewvc?rev=983764&view=rev > Log: > Fix an obvious typo in the path validation code that is also present at > /trunk. > It produces false negatives, i.e. certain malformed URIs won't be detected. > > * subversion/libsvn_subr/dirent_uri.c > (svn_uri_is_canonical): actually compare the chars following '%' instead > of comparing '%'+1 and '%'+2. > > Modified: > subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c > > Modified: subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c > URL: > http://svn.apache.org/viewvc/subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c?rev=983764&r1=983763&r2=983764&view=diff > ============================================================================== > --- subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c > (original) > +++ subversion/branches/performance/subversion/libsvn_subr/dirent_uri.c Mon > Aug 9 18:27:49 2010 > @@ -1901,11 +1901,11 @@ svn_uri_is_canonical(const char *uri, ap > > /* Can't use apr_isxdigit() because lower case letters are > not in our canonical format */ > - if (((*(ptr+1) < '0' || (*ptr+1) > '9')) > - && (*(ptr+1) < 'A' || (*ptr+1) > 'F')) > + if (((*(ptr+1) < '0' || *(ptr+1) > '9')) > + && (*(ptr+1) < 'A' || *(ptr+1) > 'F')) > return FALSE; > - else if (((*(ptr+2) < '0' || (*ptr+2) > '9')) > - && (*(ptr+2) < 'A' || (*ptr+2) > 'F')) > + else if (((*(ptr+2) < '0' || *(ptr+2) > '9')) > + && (*(ptr+2) < 'A' || *(ptr+2) > 'F')) > return FALSE; > > digitz[0] = *(++ptr); > > >
