[PATCH] Handle non-canonical fspaths in the authz file

Tue, 30 Aug 2011 04:19:53 -0700 

Bringing it here as it's an incompatible change.  If no objections I'll
commit it for 1.8.

[[[
Path-based authz: error out on non-canonical fspaths in the input.  (We
already canonicalize fspaths passed to the API for access testing.)

This is an incompatible change: some previously-accepted authz files
will now cause visible errors.  However, before this change the semantics
of such authz files might have been different from what a casual gloss
over them would have suggested.

Found by: Malte Schirmacher
(thana on IRC)

* subversion/libsvn_repos/authz.c
  (authz_validate_section): Validate the fspath part of the section name.

* subversion/tests/libsvn_repos/repos-test.c
  (authz): Add a basic regression test for this.
]]]

[[[
Index: subversion/tests/libsvn_repos/repos-test.c
===================================================================
--- subversion/tests/libsvn_repos/repos-test.c  (revision 1162754)
+++ subversion/tests/libsvn_repos/repos-test.c  (working copy)
@@ -1314,6 +1314,14 @@ authz(apr_pool_t *pool)
                             "Regression: incomplete ancestry test "
                             "for recursive access lookup.");
 
+  /* The authz rules for the phase 4 tests */
+  contents =
+    "[greek:/dir2//secret]"                                                  NL
+    "* ="                                                                    
NL;
+  err = authz_get_handle(&authz_cfg, contents, subpool);
+  SVN_TEST_ASSERT_ERROR(err, SVN_ERR_AUTHZ_INVALID_CONFIG);
+  svn_error_clear(err);
+
   /* That's a wrap! */
   svn_pool_destroy(subpool);
   return SVN_NO_ERROR;
Index: subversion/libsvn_repos/authz.c
===================================================================
--- subversion/libsvn_repos/authz.c     (revision 1162754)
+++ subversion/libsvn_repos/authz.c     (working copy)
@@ -723,8 +724,25 @@ static svn_boolean_t authz_validate_section(const
     svn_config_enumerate2(b->config, name, authz_validate_alias,
                           baton, pool);
   else
-    svn_config_enumerate2(b->config, name, authz_validate_rule,
-                          baton, pool);
+    {
+      /* Validate the section's name. Skip the optional REPOS_NAME. */
+      const char *fspath = strchr(name, ':');
+      if (fspath)
+        fspath++;
+      else
+        fspath = name;
+      if (! svn_fspath__is_canonical(fspath))
+        {
+          b->err = svn_error_createf(SVN_ERR_AUTHZ_INVALID_CONFIG, NULL,
+                                     "Section name '%s' contains non-canonical 
"
+                                     "fspath '%s'",
+                                     name, fspath);
+          return FALSE;
+        }
+
+      svn_config_enumerate2(b->config, name, authz_validate_rule,
+                            baton, pool);
+    }
 
   if (b->err)
     return FALSE;
]]]

Reply via email to