On Tue, Mar 26, 2013 at 6:36 AM, Stefan Sperling <s...@elego.de> wrote: > We should add some C tests as well to verify API behaviour at the > client layer and at the repos layer. > > Given the ripple effects of this problem in FSFS revision files I think > we should ensure that the Subversion server blocks such filenames from > entering the repository (any repository, FSFS and BDB). It seems FSFS format > changes would be required to support filenames with trailing newlines > properly, an effort which isn't worth the gain in my opinion.
+1, this is not an allowed use and is obviously a hole in our server implementations. I'd actually say this is a potential DoS since committing such a file creates all sorts of havoc for clients and admins after the fact. I'd suggest that we make svnadmin verify check for this condition and report it. Then devise a fix procedure to remove or rename the file in the repository. This allows admins to resolve their repositories from this problem in case there are other cases of this out in the wild that we don't know about. > And given the ripple effects seen in areas such as repository verification, > svnsync, and ra_neon, I don't think we can afford to call this a supported > use case until all components of the system have been fixed to handle > filenames with trailing newlines properly. It probably breaks other things like the dump format and diff. Tons of things assume newline has special meaning.
