On 20.04.2023 00:13, Daniel Sahlberg wrote:
On 2021/07/27 20:02:04 Pavel Lyalyakin wrote:
Hello,

Is it supported to enter "username:password@" in the URL with the SVN
command-line client?

The SVN client crashes when I run the following command:
[[[
svn info https://username:passw...@svn.apache.org/repos/asf/subversion/trunk
]]]

[[[
svn: E235000: In file '..\..\..\subversion\libsvn_client\util.c' line 96:
assertion failed (svn_uri__is_ancestor(pathrev->repos_root_url, url))
]]]

svn, version 1.14.1 (r1886195) on Windows.

Found this at https://stackoverflow.com/q/68502915/761095.

Based on me digging around in GDB and in the source hunting for a similar 
assert, I'm guessing that uri_skip_ancestor doesn't account for the 
username/password in the URL:

[[[
uri_skip_ancestor(const char *parent_uri,
                   const char *child_uri)
{
   apr_size_t len = strlen(parent_uri);

   if (0 != strncmp(parent_uri, child_uri, len))
     return NULL; /* parent_uri is no ancestor of child_uri */
]]]

By code inspection, I believe parent_uri comes from svn_ra_get_repos_root2 and 
child_uri comes from the command line URL. I'm guessing the second still 
contains the username/password while the first one doesn't, so obviously the 
strncmp doesn't think they are equal.

I'm not sure where the correct place would be to filter out the 
username/password. It could surely be done in uri_skip_ancestor but I also 
think there is already code to do this somewhere.

We don't support that in URLs because they're stored all over the place in the working copy in the clear. We could (should?) report a better error, but not actually support having passwords in the repository URL.

-- Brane
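
Added example, not part of the thread and not Subversion's own code: a simplified prefix test like the one quoted above returns no match when the child URL carries "user:password@", and a check run first can report a specific error instead of reaching the assertion. The function names, the status enum and the example.org URLs are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum url_status { URL_OK, URL_HAS_USERINFO, URL_NOT_UNDER_ROOT };

/* Simplified stand-in for the quoted prefix test: returns the part of child
   below parent, or NULL when parent is not a path-wise prefix of child. */
static const char *skip_ancestor(const char *parent, const char *child)
{
    size_t len = strlen(parent);
    if (strncmp(parent, child, len) != 0)
        return NULL;
    if (child[len] == '\0')
        return "";
    return child[len] == '/' ? child + len + 1 : NULL;
}

/* 1 if the authority component (between "://" and the first '/', '?' or '#')
   contains '@', i.e. the URL carries a userinfo part; 0 otherwise. */
static int url_has_userinfo(const char *url)
{
    const char *p = strstr(url, "://");
    if (p == NULL)
        return 0;
    p += 3;
    return memchr(p, '@', strcspn(p, "/?#")) != NULL;
}

/* Reject embedded credentials before the ancestor test, so the caller gets
   a specific status rather than a failed ancestor assertion later on. */
static enum url_status check_url(const char *root, const char *url, const char **rel)
{
    *rel = NULL;
    if (url_has_userinfo(url))
        return URL_HAS_USERINFO;
    *rel = skip_ancestor(root, url);
    return *rel ? URL_OK : URL_NOT_UNDER_ROOT;
}

int main(void)
{
    /* Constructed sample values, not taken from the thread. */
    const char *root = "https://svn.example.org/repos/proj";
    const char *with_creds = "https://alice:secret@svn.example.org/repos/proj/trunk";
    const char *rel;
    printf("raw prefix test: %s\n", skip_ancestor(root, with_creds) ? "match" : "no match");
    printf("check_url status: %d\n", (int)check_url(root, with_creds, &rel));
    return 0;
}
```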
