#56 davfs2 fails to properly decode complex escape sequences

closed-fixed
nobody
5
2006-10-18
2006-07-09
joe
No

Hi,

I think I've found a bug in davfs2. When I mount a DAV
volume containing collection names with nested escape
sequences (for instance, the name 'foo bar%20baz'),
davfs2 decodes the escape sequences, producing the
(incorrect) name 'foo bar baz'.

cadaver and the Windows built-in dav client handle
these dirnames correctly (they show up as 'foo bar%20baz').

If you look at the network trace, the dirname is
escaped as:

<D:href>/u/testuser/f/foo%20bar%2520baz</D:href>

...the space between 'foo' and 'bar' is escaped to %20
and the '%20' between 'bar' and 'baz' is escaped to
'%2520'. Davfs2 should strip off just one layer of
escaping, yielding 'foo bar%20baz', but it strips off
both layers. I suspect that ne_path_escape might be
being called twice on the same pathname.

I'd be happy to supply any other info that might help.

best,

Joe

Discussion

  • Werner Baumann

    Werner Baumann - 2006-07-10

    Logged In: YES
    user_id=1260327

    Hi Joe,

    I am not clear about what name is what name, and also what
    version of davfs2 you are using. So please tell me:

    - version of davfs2

    - what is the base URL of your repository (the one you use
    in /etc/fstab, secrets and/or on the commandline when mounting).

    - what is the *real* name of the directory (as it is stored
    on the server and as it should appear when you do a 'ls',
    *not* escaped in any way).

    - what should be the http-escaped url, as it appears on the
    line.

    'foo bar%20baz':

    - is this the real name?

    - is the real name 'foo bar baz' and somebody just escaped
    one of the spaces?

    - did you use this name when mounting (e.g.
    mount.davfs "http://server.domain/u/testuser/f/foo bar%20baz/" /mnt)?

    - or did you use this name with some file command (e.g.
    ls "/mnt/foo bar%20baz")?

    The - intended - logic of davfs2 concerning escapes:

    davfs2 assumes that urls in fstab, secrets and the one used
    together with the mount program, may be http-escaped (this
    is necessary as fstab does not allow spaces). It will
    un-escape these urls and use the unescaped version internally.

    Any other file and directory names must never be escaped
    ('foo bar%20baz' is a legal file name), so davfs2 will never
    unescape them.

    After concatenating the url from the unescaped components,
    davfs2 will always http-escape them before sending the
    request to the server.

    Every url in a response from the server will be
    http-un-escaped, because it might be escaped.

    This is the intended behaviour. If davfs2 does something
    else it is a bug.

    Greetings
    Werner

     
  • joe

    joe - 2006-07-10

    Logged In: YES
    user_id=1285057

    Hi Werner,

    Thanks for the reply. Here are the details you requested:

    I'm using davfs2 on Debian, version 1.0.2:

    $ /sbin/mount.davfs -V
    mount.davfs: davfs2 1.0.2 <http://dav.sourceforge.net>

    It depends on libneon25, of which I have version 0.25.5.dfsg-5.

    I encountered the bug using an experimental DAV server, but I'll
    switch to the apache mod_dav (1.0.3-10, on apache 1.3.34-2) to make
    things more obviously reproducible:

    Dav base URL is

    http://name-of-the-server.removed:80/dav

    Real name of the directory, when I do an 'ls', not escaped
    in any way is:

    drwxr-xr-x 2 root root 4096 Jul 10 12:20 foo bar%20baz

    The name should appear as it does in cadaver. In cadaver, it
    looks like this:

    Coll: foo bar%20baz 0 Jul 10 12:20

    I'm not precisely sure what you mean by "is the real name 'foo bar
    baz' and somebody just escaped one of the spaces?" The exact name, as
    the OS has it, is the string
    "foo<space>bar<percent sign><literal 2><literal 0>baz".

    The escaped dirname is not part of the URL I used to mount the
    volume. It's a subdir of that volume.

    Interestingly, I can't actually cd to the directory in davfs2. If I
    ls it, it appears (incorrectly) as
    drwxr-xr-x 2 root root 1024 Jul 10 12:20 foo bar baz

    I can cd to "foo bar baz", but it appears to be empty from within
    davfs2:

    $ cd "foo bar baz"
    $ ls -l
    total 0
    $

    If I look at the network trace, davfs2 does a PROPFIND on
    "foo bar baz":

    PROPFIND /dav/foo%20bar%20baz/ HTTP/1.1

    ...and, of course, gets a 404, because no such directory
    exists. I quote:

    "The requested URL /dav/foo bar baz/ was not found on this
    server.<P>"

    If I try to cd to the actual dir name, davfs2 refuses:
    $ cd "foo bar%20baz"
    -bash: cd: foo bar%20baz: No such file or directory
    $

    I don't see a specific request for that on the network trace; it looks
    like davfs2 does a propfind on /dav (the directory where "foo bar%20baz"
    lives), but doesn't try anything on "foo bar%20baz" itself before
    reporting failure.

    In cadaver, I can cd to the dir successfully:

    dav:/dav/> cd "foo bar%20baz"
    dav:/dav/foo bar%20baz/> ls
    Listing collection `/dav/foo%20bar%2520baz/': succeeded.
    frob baz%20quux 0 Jul 10 12:20

    Note that there is a single zero-length item inside the dir, called
    "frob baz%20quux".

    I think there may be a bug where the dirname "foo bar%20baz" is being
    unescaped twice. As such, when davfs2 asks for the twice-unescaped
    names from the server, the server refuses, because "foo bar%20baz" is
    not the same dirname as "foo bar baz".

    best regards,

    Joe

     
  • joe

    joe - 2006-07-10

    comment 2, with proper linebreaks

     
  • joe

    joe - 2006-07-10

    Logged In: YES
    user_id=1285057

    Apologies for the funny linebreaks in my reply. I'm not sure
    if that's my fault or SF's. Either way, I've attached a text
    file with my message that shouldn't have any extra linebreaks.

     
  • Werner Baumann

    Werner Baumann - 2006-07-11

    Logged In: YES
    user_id=1260327

    Hello Joe,

    thanks for your detailed report. Now I understand and I
    could easily find the bug.

    As you suspected in your first report, davfs2 erroneously
    http-unescaped href twice.

    The bug is fixed in the CVS repository in branch MAIN. I
    also created a patch file for the davfs2-1.02 source
    package. You will find it at
    http://sourceforge.net/tracker/index.php?func=detail&aid=1520685&group_id=26275&atid=386749

    As I am still doing many changes on davfs2-1.0.x, there
    probably won't be a new Debian package soon. So you might
    use the Debian source package, apply the patch and build the
    package.
    Or you may build the program from the sources in the CVS
    repository. In this case I must warn you, as I did a lot of
    changes that are not well tested. So you might find a lot
    more bugs, using the sources from CVS.

    But as I assume there are far more bugs in davfs2 than bug
    reports, I would like to get another bug report from you.

    Greetings
    Werner
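
The double decode confirmed in the comment above, reproduced as an added example (not davfs2 or neon code): `unescape_once` and `escape_path` are hypothetical hand-written helpers, applied to the href from the cadaver listing. Decoding once and re-escaping gives back the server's href; decoding twice gives the PROPFIND path that returned the 404.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not davfs2/neon code; helper names are hypothetical. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Strip exactly one layer of %XX escaping; NULL on a malformed escape. */
char *unescape_once(const char *in) {
    char *out = malloc(strlen(in) + 1), *p = out;
    if (!out) return NULL;
    while (*in) {
        if (*in != '%') { *p++ = *in++; continue; }
        int hi = hexval((unsigned char)in[1]);
        int lo = hi < 0 ? -1 : hexval((unsigned char)in[2]);
        if (lo < 0) { free(out); return NULL; }
        *p++ = (char)(hi * 16 + lo);
        in += 3;
    }
    *p = '\0';
    return out;
}

/* Escape a path for the request line, keeping unreserved characters and '/'. */
char *escape_path(const char *in) {
    char *out = malloc(3 * strlen(in) + 1), *p = out;
    if (!out) return NULL;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        if (isalnum(c) || strchr("-._~/", c)) *p++ = (char)c;
        else p += sprintf(p, "%%%02X", c);
    }
    *p = '\0';
    return out;
}

int main(void) {
    const char *href = "/dav/foo%20bar%2520baz/"; /* href from the cadaver listing */
    char *once = unescape_once(href);   /* intended: one decode of a server href */
    char *twice = unescape_once(once);  /* the reported bug: a second decode */
    char *good = escape_path(once), *bad = escape_path(twice);
    printf("once : '%s' -> %s\ntwice: '%s' -> %s\n", once, good, twice, bad);
    free(once); free(twice); free(good); free(bad);
    return 0;
}
```
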

     
  • joe

    joe - 2006-07-11

    Logged In: YES
    user_id=1285057

    Thanks for the fix and the patch! I'll be sure to report any
    additional bugs I find. best, Joe

     
  • Werner Baumann

    Werner Baumann - 2006-10-18
    • status: open --> closed-fixed
     
