On Wed, Aug 7, 2013 at 1:03 PM, Roderich Schupp <roderich.sch...@gmail.com> wrote:
> Err... the cache apr_hash_t by construction cannot contain keys (i.e. paths)
> that are not in the authz file also, so is bounded by the size of the
> corresponding svn_config_t. In fact, one could precompute the maximal
> cache on the first call to svn_repos_authz_check_access() by
> iterating over all paths in svn_config_t.

Yes, that's true. I know there are people out there with very large authz files though. Your cache isn't going to use much extra memory for most connections. But an attacker can deliberately use more. I agree in many if not most cases that still won't be an issue, but it's an issue that at a minimum we have to point out to our admins.

> I see your point. "Clearing the cache" here means a single svn_clear_pool()
> call...

It's more than that. In the worst-case scenario, where the users change for every request, you're doing the work to build a cache that's torn down without ever being used.