Edgewall Software

Opened 5 years ago

Closed 5 years ago

#12404 closed defect (duplicate)

TypeError: must be string without null bytes, not str

Reported by: Ryan J Ollos Owned by:
Priority: normal Milestone:
Component: version control Version:
Severity: normal Keywords: svn
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:


From the logs:

[pid 17754 139730844530432] 2016-03-14 23:16:44,080 Trac[main] ERROR: Internal Server Error: <RequestWithSession "GET '/changeset?new_path=tags/trac-<%00ScRiPt%20%0d%0a>prompt(980706)</ScRiPt>&old_path=tags/trac-0.11.2'">, referrer 'http://trac.edgewall.org/'
Traceback (most recent call last):
  File "/usr/local/virtualenv/1.1dev/lib/python2.7/site-packages/trac/web/main.py", line 607, in _dispatch_request
  File "/usr/local/virtualenv/1.1dev/lib/python2.7/site-packages/trac/web/main.py", line 256, in dispatch
    resp = chosen_handler.process_request(req)
  File "/usr/local/virtualenv/1.1dev/lib/python2.7/site-packages/trac/versioncontrol/web_ui/changeset.py", line 351, in process_request
    self._render_html(req, repos, chgset, restricted, data)
  File "/usr/local/virtualenv/1.1dev/lib/python2.7/site-packages/trac/versioncontrol/web_ui/changeset.py", line 578, in _render_html
    diff_changes = list(get_changes())
  File "/usr/local/virtualenv/1.1dev/lib/python2.7/site-packages/trac/versioncontrol/web_ui/changeset.py", line 476, in get_changes
    old_path=data['old_path'], old_rev=data['old_rev']):
  File "/usr/local/virtualenv/1.1dev/lib/python2.7/site-packages/tracopt/versioncontrol/svn/svn_fs.py", line 693, in get_changes
    if self.has_node(new_path, new_rev):
  File "/usr/local/virtualenv/1.1dev/lib/python2.7/site-packages/tracopt/versioncontrol/svn/svn_fs.py", line 413, in has_node
    node_type = fs.check_path(rev_root, _to_svn(pool(), self.scope, path),
  File "/usr/local/virtualenv/1.1dev/lib/python2.7/site-packages/tracopt/versioncontrol/svn/svn_fs.py", line 96, in _to_svn
  File "/usr/lib/python2.7/dist-packages/libsvn/core.py", line 4781, in svn_path_canonicalize
    return _core.svn_path_canonicalize(*args)
TypeError: must be string without null bytes, not str

Attachments (0)

Change History (2)

comment:1 by Jun Omae, 5 years ago

Null byte attack, the same issue as #12403. See also, proposed patch in comment:2:ticket:12403.

comment:2 by Ryan J Ollos, 5 years ago

Milestone: next-stable-1.0.x
Resolution: duplicate
Status: newclosed

Thanks. Tons of stuff in the logs the past two days. I guess someone is trying to attack us.

Modify Ticket

Change Properties
Set your email in Preferences
as closed The ticket will remain with no owner.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from (none) to the specified user.

Add Comment

E-mail address and name can be saved in the Preferences .
Note: See TracTickets for help on using tickets.