continuum-issues mailing list archives

From "Brett Porter (JIRA)" <j...@codehaus.org>
Subject [jira] Updated: (CONTINUUM-2577) Subversion login and password are not properly escaped in svn shell invocation from release prepare
Date Fri, 19 Nov 2010 05:19:03 GMT

     [ http://jira.codehaus.org/browse/CONTINUUM-2577?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brett Porter updated CONTINUUM-2577:
------------------------------------

    Fix Version/s: 1.4.1 (Beta)

> Subversion login and password are not properly escaped in svn shell invocation from release prepare
> ---------------------------------------------------------------------------------------------------
>
>                 Key: CONTINUUM-2577
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-2577
>             Project: Continuum
>          Issue Type: Bug
>         Environment: Linux
>            Reporter: Olivier Dehon
>             Fix For: 1.4.1 (Beta)
>
>
> When preparing a release, if the user mistypes their
> Subversion password and adds a backslash at the end, then the release
> prepare phase gets stuck in the "update-working-copy" (the first) step.
> This is because the svn command issued by Continuum is:
>  
> svn --username xxxxx --password abcdef\ --non-interactive ...
> which means that the space between the password and the space before the
> --non-interactive option is escaped, which in turn means that this
> option is not seen at all, and since the password is incorrect, it goes
> ahead and tries to prompt the user for their correct password in the
> command line, so the process hangs (found that by running a:
> ps -edf | grep svn
> on the server).
> The username and password should be shell-escaped to avoid this. (Imagine
> the disaster if the user enters a password ";my-malicious-command")

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
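
The failure described in the report, and the escaping it asks for, as an added example (not Continuum's code and not part of the original message). It assumes the command string is parsed by a POSIX shell, modeled here with `eval`; `show_args`, `sh_quote` and the `*_invoke` functions are hypothetical names, with `show_args` standing in for `svn`.

```shell
#!/bin/sh
# Added example, not Continuum code. show_args is a hypothetical stand-in for
# the svn binary: it prints the argument count and each argument it received.
show_args() {
    printf '%d' "$#"
    for a in "$@"; do printf ' [%s]' "$a"; done
    printf '\n'
}

# Wrap a value in single quotes so the shell treats every character literally;
# an embedded single quote becomes '\'' (close, escaped quote, reopen).
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Defect from the report: credentials pasted unquoted into a command string
# that a shell then parses. Only called here with the trailing-backslash case.
unsafe_invoke() {   # $1 = username, $2 = password
    eval "show_args --username $1 --password $2 --non-interactive"
}

# Fix requested in the report: shell-escape both values before they enter
# the command string.
quoted_invoke() {
    eval "show_args --username $(sh_quote "$1") --password $(sh_quote "$2") --non-interactive"
}

# Preferred where the caller allows it: no string parsing at all, each value
# is handed over as exactly one argv entry.
argv_invoke() {
    show_args --username "$1" --password "$2" --non-interactive
}

# Constructed sample credentials, taken from the values quoted in the report.
unsafe_invoke xxxxx 'abcdef\'                  # --non-interactive is swallowed into the password
quoted_invoke xxxxx 'abcdef\'                  # backslash stays inside the password argument
quoted_invoke xxxxx ';my-malicious-command'    # metacharacters arrive as plain data
argv_invoke   xxxxx "it's\\"                   # quote and backslash, no escaping needed
```

With the unquoted form the stand-in receives four arguments, the last being `abcdef --non-interactive`, which is why the real `svn` fell back to an interactive prompt and hung.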

        
