Uploaded image for project: 'Subversion'
  1. Subversion
  2. SVN-3063

issue-2897 branch has insecure use of SQL

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: trunk
    • Fix Version/s: 1.5.0
    • Component/s: libsvn_fs
    • Labels:

      Description

      construct_rooted_path_segments in libsvn_fs_util/mergeinfo-sqlite-index.c on the
      issue-2897 branch interpolates paths directly into a query string without any
      sort of escaping.  This would be a security hole.
      
      The fix would be to return a string like (?, ?, ?, ?) and an array of paths to
      bind.  This must be done if this code is to be used.
      
      However, I don't really think this is necessary; I'm planning to reimplement
      svn_fs_get_commit_and_merge_ranges without using the SQLite index at all, after
      reintegrate is merged to trunk.  But if that doesn't end up happening, and
      issue-2897 is merged to trunk still using SQLite, this bug must be fixed.
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              glasser David Samuel Glasser
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: