Author: stsp Date: Tue Sep 3 14:14:19 2019 New Revision: 1866321 URL: http://svn.apache.org/viewvc?rev=1866321&view=rev Log: Use more of the new _safe variants of canonicalization functions.
This commit converts relpath function calls in svnserve. * subversion/svnserve/serve.c (set_path, delete_path, link_path, add_lock_tokens, unlock_paths, get_file, get_dir, update, switch_cmd, status, diff, get_mergeinfo, log_cmd, check_path, stat_cmd, get_locations, get_location_segments, get_file_revs, lock, lock_many, unlock, unlock_many, get_lock, get_locks, get_deleted_rev, get_inherited_props, list, find_repos): Use svn_relpath_canonicalize_safe() instead of svn_relpath_canonicalize(). Modified: subversion/trunk/subversion/svnserve/serve.c Modified: subversion/trunk/subversion/svnserve/serve.c URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/svnserve/serve.c?rev=1866321&r1=1866320&r2=1866321&view=diff ============================================================================== --- subversion/trunk/subversion/svnserve/serve.c (original) +++ subversion/trunk/subversion/svnserve/serve.c Tue Sep 3 14:14:19 2019 @@ -860,7 +860,7 @@ static svn_error_t *set_path(svn_ra_svn_ svn_ra_svn__list_t *params, void *baton) { report_driver_baton_t *b = baton; - const char *path, *lock_token, *depth_word; + const char *path, *lock_token, *depth_word, *canonical_relpath; svn_revnum_t rev; /* Default to infinity, for old clients that don't send depth. */ svn_depth_t depth = svn_depth_infinity; @@ -871,7 +871,9 @@ static svn_error_t *set_path(svn_ra_svn_ &depth_word)); if (depth_word) depth = svn_depth_from_word(depth_word); - path = svn_relpath_canonicalize(path, pool); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_relpath, NULL, path, + pool, pool)); + path = canonical_relpath; if (b->from_rev && strcmp(path, "") == 0) *b->from_rev = rev; if (!b->err) @@ -887,10 +889,12 @@ static svn_error_t *delete_path(svn_ra_s svn_ra_svn__list_t *params, void *baton) { report_driver_baton_t *b = baton; - const char *path; + const char *path, *canonical_relpath; SVN_ERR(svn_ra_svn__parse_tuple(params, "c", &path)); - path = svn_relpath_canonicalize(path, pool); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_relpath, NULL, path, + pool, pool)); + path = canonical_relpath; if (!b->err) b->err = svn_repos_delete_path(b->report_baton, path, pool); return SVN_NO_ERROR; @@ -901,6 +905,7 @@ static svn_error_t *link_path(svn_ra_svn { report_driver_baton_t *b = baton; const char *path, *url, *lock_token, *fs_path, *depth_word, *canonical_url; + const char *canonical_path; svn_revnum_t rev; svn_boolean_t start_empty; /* Default to infinity, for old clients that don't send depth. */ @@ -912,7 +917,10 @@ static svn_error_t *link_path(svn_ra_svn /* ### WHAT?! The link path is an absolute URL?! Didn't see that coming... -- cmpilato */ - path = svn_relpath_canonicalize(path, pool); + + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + pool, pool)); + path = canonical_path; SVN_ERR(svn_uri_canonicalize_safe(&canonical_url, NULL, url, pool, pool)); url = canonical_url; if (depth_word) @@ -1354,6 +1362,7 @@ add_lock_tokens(const svn_ra_svn__list_t server_baton_t *sb, apr_pool_t *pool) { + const char *canonical_path; int i; svn_fs_access_t *fs_access; @@ -1383,9 +1392,10 @@ add_lock_tokens(const svn_ra_svn__list_t "Lock token isn't a string"); path = path_item->u.string.data; + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + pool, pool)); full_path = svn_fspath__join(sb->repository->fs_path->data, - svn_relpath_canonicalize(path, pool), - pool); + canonical_path, pool); if (! lookup_access(pool, sb, svn_authz_write, full_path, TRUE)) return error_create_and_log(SVN_ERR_RA_NOT_AUTHORIZED, NULL, NULL, @@ -1423,6 +1433,7 @@ unlock_paths(const svn_ra_svn__list_t *l int i; apr_pool_t *subpool = svn_pool_create(pool); apr_hash_t *targets = apr_hash_make(subpool); + const char *canonical_path; svn_error_t *err; for (i = 0; i < lock_tokens->nelts; ++i) @@ -1435,9 +1446,10 @@ unlock_paths(const svn_ra_svn__list_t *l token_item = &SVN_RA_SVN__LIST_ITEM(&item->u.list, 1); path = path_item->u.string.data; + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + subpool, subpool)); full_path = svn_fspath__join(sb->repository->fs_path->data, - svn_relpath_canonicalize(path, subpool), - subpool); + canonical_path, subpool); token = token_item->u.string.data; svn_hash_sets(targets, full_path, token); } @@ -1577,7 +1589,7 @@ get_file(svn_ra_svn_conn_t *conn, void *baton) { server_baton_t *b = baton; - const char *path, *full_path, *hex_digest; + const char *path, *full_path, *hex_digest, *canonical_path; svn_revnum_t rev; svn_fs_root_t *root; svn_stream_t *contents; @@ -1604,8 +1616,10 @@ get_file(svn_ra_svn_conn_t *conn, if (wants_inherited_props == SVN_RA_SVN_UNSPECIFIED_NUMBER) wants_inherited_props = FALSE; - full_path = svn_fspath__join(b->repository->fs_path->data, - svn_relpath_canonicalize(path, pool), pool); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, pool, + pool)); + full_path = svn_fspath__join(b->repository->fs_path->data, canonical_path, + pool); /* Check authorizations */ SVN_ERR(must_have_access(conn, pool, b, svn_authz_read, @@ -1762,7 +1776,7 @@ get_dir(svn_ra_svn_conn_t *conn, void *baton) { server_baton_t *b = baton; - const char *path, *full_path; + const char *path, *full_path, *canonical_path; svn_revnum_t rev; apr_hash_t *entries, *props = NULL; apr_array_header_t *inherited_props; @@ -1788,8 +1802,10 @@ get_dir(svn_ra_svn_conn_t *conn, wants_inherited_props = FALSE; SVN_ERR(parse_dirent_fields(&dirent_fields, dirent_fields_list)); - full_path = svn_fspath__join(b->repository->fs_path->data, - svn_relpath_canonicalize(path, pool), pool); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + pool, pool)); + full_path = svn_fspath__join(b->repository->fs_path->data, canonical_path, + pool); /* Check authorizations */ SVN_ERR(must_have_access(conn, pool, b, svn_authz_read, @@ -1936,7 +1952,7 @@ update(svn_ra_svn_conn_t *conn, { server_baton_t *b = baton; svn_revnum_t rev; - const char *target, *full_path, *depth_word; + const char *target, *full_path, *depth_word, *canonical_target; svn_boolean_t recurse; svn_tristate_t send_copyfrom_args; /* Optional; default FALSE */ svn_tristate_t ignore_ancestry; /* Optional; default FALSE */ @@ -1949,7 +1965,9 @@ update(svn_ra_svn_conn_t *conn, SVN_ERR(svn_ra_svn__parse_tuple(params, "(?r)cb?w3?3", &rev, &target, &recurse, &depth_word, &send_copyfrom_args, &ignore_ancestry)); - target = svn_relpath_canonicalize(target, pool); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_target, NULL, target, + pool, pool)); + target = canonical_target; if (depth_word) depth = svn_depth_from_word(depth_word); @@ -1995,7 +2013,7 @@ switch_cmd(svn_ra_svn_conn_t *conn, server_baton_t *b = baton; svn_revnum_t rev; const char *target, *depth_word; - const char *switch_url, *switch_path, *canonical_url; + const char *switch_url, *switch_path, *canonical_url, *canonical_target; svn_boolean_t recurse; /* Default to unknown. Old clients won't send depth, but we'll handle that by converting recurse if necessary. */ @@ -2007,7 +2025,9 @@ switch_cmd(svn_ra_svn_conn_t *conn, SVN_ERR(svn_ra_svn__parse_tuple(params, "(?r)cbc?w?33", &rev, &target, &recurse, &switch_url, &depth_word, &send_copyfrom_args, &ignore_ancestry)); - target = svn_relpath_canonicalize(target, pool); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_target, NULL, target, + pool, pool)); + target = canonical_target; SVN_ERR(svn_uri_canonicalize_safe(&canonical_url, NULL, switch_url, pool, pool)); switch_url = canonical_url; @@ -2048,7 +2068,7 @@ status(svn_ra_svn_conn_t *conn, { server_baton_t *b = baton; svn_revnum_t rev; - const char *target, *depth_word; + const char *target, *depth_word, *canonical_target; svn_boolean_t recurse; /* Default to unknown. Old clients won't send depth, but we'll handle that by converting recurse if necessary. */ @@ -2057,7 +2077,9 @@ status(svn_ra_svn_conn_t *conn, /* Parse the arguments. */ SVN_ERR(svn_ra_svn__parse_tuple(params, "cb?(?r)?w", &target, &recurse, &rev, &depth_word)); - target = svn_relpath_canonicalize(target, pool); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_target, NULL, target, + pool, pool)); + target = canonical_target; if (depth_word) depth = svn_depth_from_word(depth_word); @@ -2088,6 +2110,7 @@ diff(svn_ra_svn_conn_t *conn, server_baton_t *b = baton; svn_revnum_t rev; const char *target, *versus_url, *versus_path, *depth_word, *canonical_url; + const char *canonical_target; svn_boolean_t recurse, ignore_ancestry; svn_boolean_t text_deltas; /* Default to unknown. Old clients won't send depth, but we'll @@ -2110,7 +2133,9 @@ diff(svn_ra_svn_conn_t *conn, &ignore_ancestry, &versus_url, &text_deltas, &depth_word)); } - target = svn_relpath_canonicalize(target, pool); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_target, NULL, target, + pool, pool)); + target = canonical_target; SVN_ERR(svn_uri_canonicalize_safe(&canonical_url, NULL, versus_url, pool, pool)); versus_url = canonical_url; @@ -2238,13 +2263,15 @@ get_mergeinfo(svn_ra_svn_conn_t *conn, for (i = 0; i < paths->nelts; i++) { svn_ra_svn__item_t *item = &SVN_RA_SVN__LIST_ITEM(paths, i); - const char *full_path; + const char *full_path, *canonical_path; if (item->kind != SVN_RA_SVN_STRING) return svn_error_create(SVN_ERR_RA_SVN_MALFORMED_DATA, NULL, _("Path is not a string")); - full_path = svn_relpath_canonicalize(item->u.string.data, pool); - full_path = svn_fspath__join(b->repository->fs_path->data, full_path, pool); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, + item->u.string.data, pool, pool)); + full_path = svn_fspath__join(b->repository->fs_path->data, + canonical_path, pool); APR_ARRAY_PUSH(canonical_paths, const char *) = full_path; } @@ -2406,7 +2433,7 @@ log_cmd(svn_ra_svn_conn_t *conn, svn_error_t *err, *write_err; server_baton_t *b = baton; svn_revnum_t start_rev, end_rev; - const char *full_path; + const char *full_path, *canonical_path; svn_boolean_t send_changed_paths, strict_node, include_merged_revisions; apr_array_header_t *full_paths, *revprops; svn_ra_svn__list_t *paths, *revprop_items; @@ -2470,9 +2497,10 @@ log_cmd(svn_ra_svn_conn_t *conn, if (elt->kind != SVN_RA_SVN_STRING) return svn_error_create(SVN_ERR_RA_SVN_MALFORMED_DATA, NULL, _("Log path entry not a string")); - full_path = svn_relpath_canonicalize(elt->u.string.data, pool), - full_path = svn_fspath__join(b->repository->fs_path->data, full_path, - pool); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, + elt->u.string.data, pool, pool)); + full_path = svn_fspath__join(b->repository->fs_path->data, + canonical_path, pool); APR_ARRAY_PUSH(full_paths, const char *) = full_path; } SVN_ERR(trivial_auth_request(conn, pool, b)); @@ -2515,13 +2543,15 @@ check_path(svn_ra_svn_conn_t *conn, { server_baton_t *b = baton; svn_revnum_t rev; - const char *path, *full_path; + const char *path, *full_path, *canonical_path; svn_fs_root_t *root; svn_node_kind_t kind; SVN_ERR(svn_ra_svn__parse_tuple(params, "c(?r)", &path, &rev)); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + pool, pool));; full_path = svn_fspath__join(b->repository->fs_path->data, - svn_relpath_canonicalize(path, pool), pool); + canonical_path, pool); /* Check authorizations */ SVN_ERR(must_have_access(conn, pool, b, svn_authz_read, @@ -2548,13 +2578,15 @@ stat_cmd(svn_ra_svn_conn_t *conn, { server_baton_t *b = baton; svn_revnum_t rev; - const char *path, *full_path, *cdate; + const char *path, *full_path, *cdate, *canonical_path; svn_fs_root_t *root; svn_dirent_t *dirent; SVN_ERR(svn_ra_svn__parse_tuple(params, "c(?r)", &path, &rev)); - full_path = svn_fspath__join(b->repository->fs_path->data, - svn_relpath_canonicalize(path, pool), pool); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, pool, + pool)); + full_path = svn_fspath__join(b->repository->fs_path->data, canonical_path, + pool); /* Check authorizations */ SVN_ERR(must_have_access(conn, pool, b, svn_authz_read, @@ -2603,7 +2635,7 @@ get_locations(svn_ra_svn_conn_t *conn, svn_ra_svn__list_t *loc_revs_proto; svn_ra_svn__item_t *elt; int i; - const char *relative_path; + const char *relative_path, *canonical_path; svn_revnum_t peg_revision; apr_hash_t *fs_locations; const char *abs_path; @@ -2616,7 +2648,9 @@ get_locations(svn_ra_svn_conn_t *conn, SVN_ERR(svn_ra_svn__parse_tuple(params, "crl", &relative_path, &peg_revision, &loc_revs_proto)); - relative_path = svn_relpath_canonicalize(relative_path, pool); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, relative_path, + pool, pool)); + relative_path = canonical_path; abs_path = svn_fspath__join(b->repository->fs_path->data, relative_path, pool); @@ -2702,7 +2736,7 @@ get_location_segments(svn_ra_svn_conn_t svn_error_t *err, *write_err; server_baton_t *b = baton; svn_revnum_t peg_revision, start_rev, end_rev; - const char *relative_path; + const char *relative_path, *canonical_path; const char *abs_path; authz_baton_t ab; @@ -2713,7 +2747,9 @@ get_location_segments(svn_ra_svn_conn_t SVN_ERR(svn_ra_svn__parse_tuple(params, "c(?r)(?r)(?r)", &relative_path, &peg_revision, &start_rev, &end_rev)); - relative_path = svn_relpath_canonicalize(relative_path, pool); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, relative_path, + pool, pool)); + relative_path = canonical_path; abs_path = svn_fspath__join(b->repository->fs_path->data, relative_path, pool); @@ -2865,6 +2901,7 @@ get_file_revs(svn_ra_svn_conn_t *conn, svn_revnum_t start_rev, end_rev; const char *path; const char *full_path; + const char *canonical_path; apr_uint64_t include_merged_revs_param; svn_boolean_t include_merged_revisions; authz_baton_t ab; @@ -2876,7 +2913,9 @@ get_file_revs(svn_ra_svn_conn_t *conn, SVN_ERR(svn_ra_svn__parse_tuple(params, "c(?r)(?r)?B", &path, &start_rev, &end_rev, &include_merged_revs_param)); - path = svn_relpath_canonicalize(path, pool); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + pool, pool)); + path = canonical_path; SVN_ERR(trivial_auth_request(conn, pool, b)); full_path = svn_fspath__join(b->repository->fs_path->data, path, pool); @@ -2919,14 +2958,17 @@ lock(svn_ra_svn_conn_t *conn, const char *path; const char *comment; const char *full_path; + const char *canonical_path; svn_boolean_t steal_lock; svn_revnum_t current_rev; svn_lock_t *l; SVN_ERR(svn_ra_svn__parse_tuple(params, "c(?c)b(?r)", &path, &comment, &steal_lock, ¤t_rev)); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + pool, pool));; full_path = svn_fspath__join(b->repository->fs_path->data, - svn_relpath_canonicalize(path, pool), pool); + canonical_path, pool); SVN_ERR(must_have_access(conn, pool, b, svn_authz_write, full_path, TRUE)); @@ -3018,7 +3060,7 @@ lock_many(svn_ra_svn_conn_t *conn, /* Parse the lock requests from PATH_REVS into TARGETS. */ for (i = 0; i < path_revs->nelts; ++i) { - const char *path, *full_path; + const char *path, *full_path, *canonical_path; svn_revnum_t current_rev; svn_ra_svn__item_t *item = &SVN_RA_SVN__LIST_ITEM(path_revs, i); svn_fs_lock_target_t *target; @@ -3032,9 +3074,10 @@ lock_many(svn_ra_svn_conn_t *conn, SVN_ERR(svn_ra_svn__parse_tuple(&item->u.list, "c(?r)", &path, ¤t_rev)); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + subpool, subpool)); full_path = svn_fspath__join(b->repository->fs_path->data, - svn_relpath_canonicalize(path, subpool), - pool); + canonical_path, pool); target = svn_fs_lock_target_create(NULL, current_rev, pool); /* Any duplicate paths, once canonicalized, get collapsed into a @@ -3081,7 +3124,7 @@ lock_many(svn_ra_svn_conn_t *conn, /* Return results in the same order as the paths were supplied. */ for (i = 0; i < path_revs->nelts; ++i) { - const char *path, *full_path; + const char *path, *full_path, *canonical_path; svn_revnum_t current_rev; svn_ra_svn__item_t *item = &SVN_RA_SVN__LIST_ITEM(path_revs, i); struct lock_result_t *result; @@ -3093,9 +3136,10 @@ lock_many(svn_ra_svn_conn_t *conn, if (write_err) break; + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + subpool, subpool)); full_path = svn_fspath__join(b->repository->fs_path->data, - svn_relpath_canonicalize(path, subpool), - subpool); + canonical_path, subpool); result = svn_hash_gets(lmb.results, full_path); if (!result) @@ -3150,14 +3194,16 @@ unlock(svn_ra_svn_conn_t *conn, void *baton) { server_baton_t *b = baton; - const char *path, *token, *full_path; + const char *path, *token, *full_path, *canonical_path; svn_boolean_t break_lock; SVN_ERR(svn_ra_svn__parse_tuple(params, "c(?c)b", &path, &token, &break_lock)); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + pool, pool)); full_path = svn_fspath__join(b->repository->fs_path->data, - svn_relpath_canonicalize(path, pool), pool); + canonical_path, pool); /* Username required unless break_lock was specified. */ SVN_ERR(must_have_access(conn, pool, b, svn_authz_write, @@ -3201,7 +3247,7 @@ unlock_many(svn_ra_svn_conn_t *conn, for (i = 0; i < unlock_tokens->nelts; i++) { svn_ra_svn__item_t *item = &SVN_RA_SVN__LIST_ITEM(unlock_tokens, i); - const char *path, *full_path, *token; + const char *path, *full_path, *token, *canonical_path; svn_pool_clear(subpool); @@ -3214,9 +3260,10 @@ unlock_many(svn_ra_svn_conn_t *conn, if (!token) token = ""; + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + subpool, subpool)); full_path = svn_fspath__join(b->repository->fs_path->data, - svn_relpath_canonicalize(path, subpool), - pool); + canonical_path, pool); /* Any duplicate paths, once canonicalized, get collapsed into a single path that is processed once. The result is then @@ -3261,7 +3308,7 @@ unlock_many(svn_ra_svn_conn_t *conn, /* Return results in the same order as the paths were supplied. */ for (i = 0; i < unlock_tokens->nelts; ++i) { - const char *path, *token, *full_path; + const char *path, *token, *full_path, *canonical_path; svn_ra_svn__item_t *item = &SVN_RA_SVN__LIST_ITEM(unlock_tokens, i); struct lock_result_t *result; @@ -3272,9 +3319,10 @@ unlock_many(svn_ra_svn_conn_t *conn, if (write_err) break; + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + subpool, subpool)); full_path = svn_fspath__join(b->repository->fs_path->data, - svn_relpath_canonicalize(path, subpool), - pool); + canonical_path, pool); result = svn_hash_gets(lmb.results, full_path); if (!result) @@ -3324,12 +3372,15 @@ get_lock(svn_ra_svn_conn_t *conn, server_baton_t *b = baton; const char *path; const char *full_path; + const char *canonical_path; svn_lock_t *l; SVN_ERR(svn_ra_svn__parse_tuple(params, "c", &path)); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + pool, pool)); full_path = svn_fspath__join(b->repository->fs_path->data, - svn_relpath_canonicalize(path, pool), pool); + canonical_path, pool); SVN_ERR(must_have_access(conn, pool, b, svn_authz_read, full_path, FALSE)); @@ -3355,6 +3406,7 @@ get_locks(svn_ra_svn_conn_t *conn, server_baton_t *b = baton; const char *path; const char *full_path; + const char *canonical_path; const char *depth_word; svn_depth_t depth; apr_hash_t *locks; @@ -3378,8 +3430,10 @@ get_locks(svn_ra_svn_conn_t *conn, return log_fail_and_flush(err, b, conn, pool); } + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + pool, pool)); full_path = svn_fspath__join(b->repository->fs_path->data, - svn_relpath_canonicalize(path, pool), pool); + canonical_path, pool); SVN_ERR(trivial_auth_request(conn, pool, b)); @@ -3516,15 +3570,17 @@ get_deleted_rev(svn_ra_svn_conn_t *conn, void *baton) { server_baton_t *b = baton; - const char *path, *full_path; + const char *path, *full_path, *canonical_path; svn_revnum_t peg_revision; svn_revnum_t end_revision; svn_revnum_t revision_deleted; SVN_ERR(svn_ra_svn__parse_tuple(params, "crr", &path, &peg_revision, &end_revision)); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + pool, pool)); full_path = svn_fspath__join(b->repository->fs_path->data, - svn_relpath_canonicalize(path, pool), pool); + canonical_path, pool); SVN_ERR(log_command(b, conn, pool, "get-deleted-rev")); SVN_ERR(trivial_auth_request(conn, pool, b)); SVN_CMD_ERR(svn_repos_deleted_rev(b->repository->fs, full_path, peg_revision, @@ -3553,7 +3609,7 @@ get_inherited_props(svn_ra_svn_conn_t *c void *baton) { server_baton_t *b = baton; - const char *path, *full_path; + const char *path, *full_path, *canonical_path; svn_revnum_t rev; svn_fs_root_t *root; apr_array_header_t *inherited_props; @@ -3568,9 +3624,10 @@ get_inherited_props(svn_ra_svn_conn_t *c /* Parse arguments. */ SVN_ERR(svn_ra_svn__parse_tuple(params, "c(?r)", &path, &rev)); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + iterpool, iterpool)); full_path = svn_fspath__join(b->repository->fs_path->data, - svn_relpath_canonicalize(path, iterpool), - pool); + canonical_path, pool); /* Check authorizations */ SVN_ERR(must_have_access(conn, iterpool, b, svn_authz_read, @@ -3643,7 +3700,7 @@ list(svn_ra_svn_conn_t *conn, void *baton) { server_baton_t *b = baton; - const char *path, *full_path; + const char *path, *full_path, *canonical_path; svn_revnum_t rev; svn_depth_t depth; apr_array_header_t *patterns = NULL; @@ -3669,8 +3726,10 @@ list(svn_ra_svn_conn_t *conn, SVN_ERR(parse_dirent_fields(&rb.dirent_fields, dirent_fields_list)); depth = svn_depth_from_word(depth_word); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + pool, pool)); full_path = svn_fspath__join(b->repository->fs_path->data, - svn_relpath_canonicalize(path, pool), pool); + canonical_path, pool); /* Read the patterns list. */ if (patterns_list) @@ -3833,7 +3892,7 @@ find_repos(const char *url, apr_pool_t *result_pool, apr_pool_t *scratch_pool) { - const char *path, *full_path, *fs_path, *hooks_env; + const char *path, *full_path, *fs_path, *hooks_env, *canonical_path; svn_stringbuf_t *url_buf; svn_boolean_t sasl_requested; @@ -3849,8 +3908,9 @@ find_repos(const char *url, if (path == NULL) path = ""; } - path = svn_relpath_canonicalize(path, scratch_pool); - path = svn_path_uri_decode(path, scratch_pool); + SVN_ERR(svn_relpath_canonicalize_safe(&canonical_path, NULL, path, + scratch_pool, scratch_pool)); + path = svn_path_uri_decode(canonical_path, scratch_pool); /* Ensure that it isn't possible to escape the root by disallowing '..' segments. */