powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
678 Commits
1 Branch
0 Tags
390 MiB
Tree: deeabdce5d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'deeabdce5d'
${ noResults }
base/SOURCES/subversion-1.7.14-CVE-2014-...

55 lines
2.1 KiB
Raw Normal View History Unescape

subversion package update Signed-off-by: basebuilder_pel7ppc64bebuilder0 <basebuilder@powerel.org>
6 years ago
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8108
http://subversion.apache.org/security/CVE-2014-8108-advisory.txt
--- subversion-1.7.14/subversion/mod_dav_svn/repos.c.cve8108
+++ subversion-1.7.14/subversion/mod_dav_svn/repos.c
@@ -506,6 +506,9 @@ parse_vtxnstub_uri(dav_resource_combined
if (parse_txnstub_uri(comb, path, label, use_checked_in))
return TRUE;
+ if (!comb->priv.root.txn_name)
+ return TRUE;
+
comb->priv.root.vtxn_name = comb->priv.root.txn_name;
comb->priv.root.txn_name = dav_svn__get_txn(comb->priv.repos,
comb->priv.root.vtxn_name);
@@ -574,6 +577,9 @@ parse_vtxnroot_uri(dav_resource_combined
if (parse_txnroot_uri(comb, path, label, use_checked_in))
return TRUE;
+ if (!comb->priv.root.txn_name)
+ return TRUE;
+
comb->priv.root.vtxn_name = comb->priv.root.txn_name;
comb->priv.root.txn_name = dav_svn__get_txn(comb->priv.repos,
comb->priv.root.vtxn_name);
@@ -919,6 +925,10 @@ prep_working(dav_resource_combined *comb
point. */
if (txn_name == NULL)
{
+ if (!comb->priv.root.activity_id)
+ return dav_svn__new_error(comb->res.pool, HTTP_BAD_REQUEST, 0,
+ "The request did not specify an activity ID");
+
txn_name = dav_svn__get_txn(comb->priv.repos,
comb->priv.root.activity_id);
if (txn_name == NULL)
@@ -1029,8 +1039,13 @@ prep_working(dav_resource_combined *comb
static dav_error *
prep_activity(dav_resource_combined *comb)
{
- const char *txn_name = dav_svn__get_txn(comb->priv.repos,
- comb->priv.root.activity_id);
+ const char *txn_name;
+
+ if (!comb->priv.root.activity_id)
+ return dav_svn__new_error(comb->res.pool, HTTP_BAD_REQUEST, 0,
+ "The request did not specify an activity ID");
+
+ txn_name = dav_svn__get_txn(comb->priv.repos, comb->priv.root.activity_id);
comb->priv.root.txn_name = txn_name;
comb->res.exists = txn_name != NULL;