Re: "util.c' line 96: assertion failed" when repository URL has "username:password@"
On 20.04.2023 00:13, Daniel Sahlberg wrote:
On 2021/07/27 20:02:04 Pavel Lyalyakin wrote:
Hello,
Is it supported to enter "username:password@" in the URL with the SVN
command-line client?
The SVN client crashes when I run the following command:
[[[
svn infohttps://username:passw...@svn.apache.org/repos/asf/subversion/trunk
]]]
[[[
svn: E235000: In file '..\..\..\subversion\libsvn_client\util.c' line 96:
assertion failed (svn_uri__is_ancestor(pathrev->repos_root_url, url))
]]]
svn, version 1.14.1 (r1886195) on Windows.
Found this athttps://stackoverflow.com/q/68502915/761095.
Based on me digging around in GDB and in the source hunting for a similar
assert, I'm guessing that uri_skip_ancestor doesn't account for the
username/password in the URL:
[[[
uri_skip_ancestor(const char *parent_uri,
const char *child_uri)
{
apr_size_t len = strlen(parent_uri);
if (0 != strncmp(parent_uri, child_uri, len))
return NULL; /* parent_uri is no ancestor of child_uri */
]]]
By code inspection, I believe parent_uri comes from svn_ra_get_repos_root2 and
child_uri comes from the command line URL. I'm guessing the second still
contains the username/password while the first one doesn't, so obviously the
strncmp doesn't think they are equal.
I'm not sure where the correct place would be to filter out the
username/password. It could surely be done in uri_skip_ancestor but I also
think there is already code to do this somewhere.
We don't support that in URLs because they're stored all over the place
in the working copy in the clear. We could (should?) report a better
error, but not actually support having passwords in the repository URL.
-- Brane
Re: "util.c' line 96: assertion failed" when repository URL has "username:password@"
On 2021/07/27 20:02:04 Pavel Lyalyakin wrote:
> Hello,
>
> Is it supported to enter "username:password@" in the URL with the SVN
> command-line client?
>
> The SVN client crashes when I run the following command:
> [[[
> svn info https://username:passw...@svn.apache.org/repos/asf/subversion/trunk
> ]]]
>
> [[[
> svn: E235000: In file '..\..\..\subversion\libsvn_client\util.c' line 96:
> assertion failed (svn_uri__is_ancestor(pathrev->repos_root_url, url))
> ]]]
>
> svn, version 1.14.1 (r1886195) on Windows.
>
> Found this at https://stackoverflow.com/q/68502915/761095.
>
Based on me digging around in GDB and in the source hunting for a similar
assert, I'm guessing that uri_skip_ancestor doesn't account for the
username/password in the URL:
[[[
uri_skip_ancestor(const char *parent_uri,
const char *child_uri)
{
apr_size_t len = strlen(parent_uri);
if (0 != strncmp(parent_uri, child_uri, len))
return NULL; /* parent_uri is no ancestor of child_uri */
]]]
By code inspection, I believe parent_uri comes from svn_ra_get_repos_root2 and
child_uri comes from the command line URL. I'm guessing the second still
contains the username/password while the first one doesn't, so obviously the
strncmp doesn't think they are equal.
I'm not sure where the correct place would be to filter out the
username/password. It could surely be done in uri_skip_ancestor but I also
think there is already code to do this somewhere.
Kind regards,
Daniel
Re: "util.c' line 96: assertion failed" when repository URL has "username:password@"
Pavel Lyalyakin wrote on Tue, Jul 27, 2021 at 23:02:04 +0300: > Is it supported to enter "username:password@" in the URL with the SVN > command-line client? > I think that's supported, but not recommended because on some platforms argv are visible to all users. In any case, invalid user input should never result in an assert, so this is a bug, period. Sorry for our late answer. Daniel > The SVN client crashes when I run the following command: > [[[ > svn info https://username:passw...@svn.apache.org/repos/asf/subversion/trunk > ]]] > > [[[ > svn: E235000: In file '..\..\..\subversion\libsvn_client\util.c' line 96: > assertion failed (svn_uri__is_ancestor(pathrev->repos_root_url, url)) > ]]] > > svn, version 1.14.1 (r1886195) on Windows. > > Found this at https://stackoverflow.com/q/68502915/761095.
