Julian Foad
2018-11-15 08:38:28 UTC
SVN-4788: DAV doesn't handle control characters in paths
https://issues.apache.org/jira/browse/SVN-4788
If a path with a control character exists in the HEAD revision, operations involving this path will fail over DAV, until the offending path has been removed with 'svn rm'.
This bug was initially being tracked as a security issue CVE-2018-1293. Per recommendation of the Apache Security team, this problem is now being treated as a non-security issue. The impact is a DoS which can only be triggered by an authenticated attacker, and is easily resolved with 'svn rm'.
Philip developed a test and a fix (working but incomplete) which is now being developed in public on the 'dav-path-escape' branch.
Branch creation, with the fix in progress:
https://svn.apache.org/r1846391
Description of the fix on the branch:
https://svn.apache.org/repos/asf/subversion/branches/dav-path-escape/BRANCH-README
"This branch aims to transport control characters in paths over DAV. ..."
--
- Julian