Re: SHA-1 collision in repository?

2018-03-08 Thread Stefan Sperling
Thank you, Melissa, for tracking this down! Your effort is very much appreciated. Cheers, Stefan On Wed, Mar 07, 2018 at 11:18:43PM +, Philip Martin wrote: > [Moving this to the dev@s.a.o list.] > > Well done! It looks like you have identified a serious bug here. The > function

Re: SHA-1 collision in repository?

2018-03-08 Thread Philip Martin
Philip Martin writes: > https://issues.apache.org/jira/browse/SVN-4722 I've proposed a fix in STATUS. -- Philip

Re: SHA-1 collision in repository?

2018-03-08 Thread Philip Martin
Nathan Hartman writes: > Is it possible and does it make sense to always continue reading until > EOF, when the read is either 0 or < 16k? In other words to eliminate > the comparison against the expanded size? I believe setting the expanded size correctly is the only

Re: SHA-1 collision in repository?

2018-03-08 Thread Philip Martin
Julian Foad writes: > Please would you file this issue in the issue tracker so I can give > outsiders a reference to it? https://issues.apache.org/jira/browse/SVN-4722 My reproduction doesn't trigger the bug in 1.8 but that seems to be because 1.8 has some other problem

Re: SHA-1 collision in repository?

2018-03-08 Thread Julian Foad
Please would you file this issue in the issue tracker so I can give outsiders a reference to it? - Julian Philip Martin wrote: Philip Martin writes: svn cat http://svn.apache.org/repos/asf/subversion/trunk/INSTALL@1826165 > f1 (for i in `seq 0 8712`;do echo

Re: SHA-1 collision in repository?

2018-03-08 Thread Julian Foad
Please would you file this issue in the issue tracker so I can give outsiders a reference to it? - Julian Philip Martin wrote: Philip Martin writes: svn cat http://svn.apache.org/repos/asf/subversion/trunk/INSTALL@1826165 > f1 (for i in `seq 0 8712`;do echo

Re: SHA-1 collision in repository?

2018-03-07 Thread Philip Martin
Philip Martin writes: > svn cat http://svn.apache.org/repos/asf/subversion/trunk/INSTALL@1826165 > f1 > (for i in `seq 0 8712`;do echo -n $i;done && echo -n 1) > f1 > svnadmin create repo > svnmucc -mm -U file://`pwd`/repo put f1 f > svnmucc -mm -U

Re: SHA-1 collision in repository?

2018-03-07 Thread Philip Martin
Philip Martin writes: > (for i in `seq 0 8712`;do echo -n $i;done && echo -n 1) > f1 Oops, that should be > f2 -- Philip

Re: SHA-1 collision in repository?

2018-03-07 Thread Philip Martin
Nathan Hartman writes: > That makes me wonder why this has not triggered more frequently for > users? Is there some obscure set of circumstances that triggers this > code path in this particular way? If so, can a test be added to the > test suite to prevent this sort of

Re: SHA-1 collision in repository?

2018-03-07 Thread Nathan Hartman
On Mar 7, 2018, at 6:18 PM, Philip Martin wrote: > > [Moving this to the dev@s.a.o list.] > > Well done! It looks like you have identified a serious bug here. The > function svn_fs_fs__get_contents_from_file() that was recently added to > 1.9 for the SHA1 collision

Re: SHA-1 collision in repository?

2018-03-07 Thread Philip Martin
[Moving this to the dev@s.a.o list.] Well done! It looks like you have identified a serious bug here. The function svn_fs_fs__get_contents_from_file() that was recently added to 1.9 for the SHA1 collision detection so the code is new and it is also different from that on trunk. Your proposed