[prev in list] [next in list] [prev in thread] [next in thread]
List: subversion-dev
Subject: Re: "util.c' line 96: assertion failed" when repository URL has "username:password@"
From: Branko_Čibej <brane () apache ! org>
Date: 2023-04-22 9:15:00
Message-ID: e55fc8fb-b9d3-33d6-83b0-985fe55c9a44 () apache ! org
[Download RAW message or body]
On 20.04.2023 00:13, Daniel Sahlberg wrote:
> On 2021/07/27 20:02:04 Pavel Lyalyakin wrote:
> > Hello,
> >
> > Is it supported to enter "username:password@" in the URL with the SVN
> > command-line client?
> >
> > The SVN client crashes when I run the following command:
> > [[[
> > svn infohttps://username:password@svn.apache.org/repos/asf/subversion/trunk
> > ]]]
> >
> > [[[
> > svn: E235000: In file '..\..\..\subversion\libsvn_client\util.c' line 96:
> > assertion failed (svn_uri__is_ancestor(pathrev->repos_root_url, url))
> > ]]]
> >
> > svn, version 1.14.1 (r1886195) on Windows.
> >
> > Found this athttps://stackoverflow.com/q/68502915/761095.
> >
> Based on me digging around in GDB and in the source hunting for a similar assert, \
> I'm guessing that uri_skip_ancestor doesn't account for the username/password in \
> the URL:
> [[[
> uri_skip_ancestor(const char *parent_uri,
> const char *child_uri)
> {
> apr_size_t len = strlen(parent_uri);
>
> if (0 != strncmp(parent_uri, child_uri, len))
> return NULL; /* parent_uri is no ancestor of child_uri */
> ]]]
>
> By code inspection, I believe parent_uri comes from svn_ra_get_repos_root2 and \
> child_uri comes from the command line URL. I'm guessing the second still contains \
> the username/password while the first one doesn't, so obviously the strncmp doesn't \
> think they are equal.
> I'm not sure where the correct place would be to filter out the username/password. \
> It could surely be done in uri_skip_ancestor but I also think there is already code \
> to do this somewhere.
We don't support that in URLs because they're stored all over the place
in the working copy in the clear. We could (should?) report a better
error, but not actually support having passwords in the repository URL.
-- Brane
[Attachment #3 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 20.04.2023 00:13, Daniel Sahlberg
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:pony-ce5a3c2d-95b2-4e3a-89b9-bc4b3a7a9d4e-dev@subversion.apache.org">
<pre class="moz-quote-pre" wrap="">On 2021/07/27 20:02:04 Pavel Lyalyakin \
wrote: </pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Hello,
Is it supported to enter "username:password@" in the URL with the SVN
command-line client?
The SVN client crashes when I run the following command:
[[[
svn info <a class="moz-txt-link-freetext" \
href="https://username:password@svn.apache.org/repos/asf/subversion/trunk">https://username:password@svn.apache.org/repos/asf/subversion/trunk</a>
]]]
[[[
svn: E235000: In file '..\..\..\subversion\libsvn_client\util.c' line 96:
assertion failed (svn_uri__is_ancestor(pathrev->repos_root_url, url))
]]]
svn, version 1.14.1 (r1886195) on Windows.
Found this at <a class="moz-txt-link-freetext" \
href="https://stackoverflow.com/q/68502915/761095">https://stackoverflow.com/q/68502915/761095</a>.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Based on me digging around in GDB and in the source hunting for a similar assert, I'm \
guessing that uri_skip_ancestor doesn't account for the username/password in the URL:
[[[
uri_skip_ancestor(const char *parent_uri,
const char *child_uri)
{
apr_size_t len = strlen(parent_uri);
if (0 != strncmp(parent_uri, child_uri, len))
return NULL; /* parent_uri is no ancestor of child_uri */
]]]
By code inspection, I believe parent_uri comes from svn_ra_get_repos_root2 and \
child_uri comes from the command line URL. I'm guessing the second still contains the \
username/password while the first one doesn't, so obviously the strncmp doesn't think \
they are equal.
I'm not sure where the correct place would be to filter out the username/password. It \
could surely be done in uri_skip_ancestor but I also think there is already code to \
do this somewhere.</pre> </blockquote>
<br>
We don't support that in URLs because they're stored all over the
place in the working copy in the clear. We could (should?) report a
better error, but not actually support having passwords in the
repository URL.<br>
<br>
-- Brane<br>
</body>
</html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic