[PATCH] clone on Windows: abort on reserved filenames (1st update)

Mads Kiilerich mads at kiilerich.com
Wed Jun 11 18:33:19 CDT 2008


Adrian Buehlmann wrote, On 06/12/2008 12:32 AM:
> http://msdn.microsoft.com/en-us/library/aa365247(VS.85).aspx
>   
...
> The validation I'm trying to insert with this patch happens during
> the transfer phase of the repo data, on the receiving end.
>   
...
>> Perhaps it would be better just to try to create the file, and if it 
>> fails then give a nice message.
>>     
>
> That's what the current code already seems to try to do. And that seems
> not to work (it hangs forever for the aux file case).
>
> Also, some of these special names are devices on Windows. Trying to write
> to them will probably work for some, but not reading back (e.g. NUL).
>
> The thing is that the receiving end of a pull sitting on Windows should
> probably better do some basic validation of the input data it reads from
> the wire. For example, treat it like a user trying to enter "AUX" as a
> file name for storing data. The sending end rightfully does not care what
> the OS on the receiving side is.
>
> In any case, validpathname() can sure be expanded. But detecting those
> obvious reserved names would already be a good improvement over the current
> situation. And this can be done without touching the repository layout.
> Having a directory called "aux" originating from unix is not such an
> extremely rare case.
>
> At least I don't pretend to cover every other odd case with this patch.
>   

Excellent reasoning addressing my concerns - and correcting me where I 
was wrong.

FWIW I suggest that these intentions and experiences are made more 
explicit in the code.


If I understand it correctly now, then it seems that the patch will make 
it easy to create repositories that never can be cloned on Windows 
because of forbidden names in the history. Some kind of encoding or 
_-escaping of these names could perhaps be a convenient alternative...

And _-escaping is currently done on all platforms so that .hg folders 
can be moved between platforms. Shouldn't this black-listing be done on 
all platforms too?

/Mads
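
The receiving-side check discussed in this thread, sketched as an added example (not the patch under review and not Mercurial's code): every name read from the wire is tested against the Windows reserved device names before any file is created. The function names `reserved_component` and `check_manifest` and the sample paths are assumptions made for illustration.

```python
import re

# Device names reserved by Windows: CON, PRN, AUX, NUL, COM1-9, LPT1-9.
_RESERVED = {"con", "prn", "aux", "nul"}
_RESERVED |= {"com%d" % i for i in range(1, 10)}
_RESERVED |= {"lpt%d" % i for i in range(1, 10)}


def reserved_component(path):
    """Return the first component of `path` that Windows would treat as a
    reserved device name, or None if there is none.

    `path` is a repository-relative name as received from the sender,
    normally with '/' separators; backslashes are split on as well.
    """
    for part in re.split(r"[/\\]", path):
        # The match is case-insensitive and ignores any extension, and
        # Windows drops trailing dots and spaces, so "aux.txt" and
        # "prn." are as reserved as "AUX" and "PRN".
        base = part.rstrip(". ").split(".", 1)[0].lower()
        if base in _RESERVED:
            return part
    return None


def check_manifest(paths):
    """Validate all incoming names up front, before touching the disk.
    Returns a list of (path, offending component) pairs."""
    bad = []
    for p in paths:
        hit = reserved_component(p)
        if hit is not None:
            bad.append((p, hit))
    return bad


# Constructed sample input: names a Unix-side sender could legitimately hold.
SAMPLE = ["src/main.c", "aux/config.h", "docs/NUL", "lib/com1.txt",
          "auxiliary/readme", "tools/lpt10", "build/prn."]

if __name__ == "__main__":
    for path, part in check_manifest(SAMPLE):
        print("abort: reserved name %r in %r" % (part, path))
```

Because the test is a pure string check, it gives the same answer on every platform, which is what running the black-listing everywhere would require.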
