# ./pullrev.sh 1667246 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0248 http://svn.apache.org/viewvc?view=revision&revision=1667246 --- subversion-1.7.14/subversion/mod_dav_svn/reports/get-location-segments.c +++ subversion-1.7.14/subversion/mod_dav_svn/reports/get-location-segments.c @@ -181,17 +181,36 @@ "Not all parameters passed.", SVN_DAV_ERROR_NAMESPACE, SVN_DAV_ERROR_TAG); - if (SVN_IS_VALID_REVNUM(start_rev) - && SVN_IS_VALID_REVNUM(end_rev) - && (end_rev > start_rev)) + + /* No START_REV or PEG_REVISION? We'll use HEAD. */ + if (!SVN_IS_VALID_REVNUM(start_rev) || !SVN_IS_VALID_REVNUM(peg_revision)) + { + svn_revnum_t youngest; + + serr = svn_fs_youngest_rev(&youngest, resource->info->repos->fs, + resource->pool); + if (serr != NULL) + return dav_svn__convert_err(serr, HTTP_INTERNAL_SERVER_ERROR, + "Could not determine youngest revision", + resource->pool); + + if (!SVN_IS_VALID_REVNUM(start_rev)) + start_rev = youngest; + if (!SVN_IS_VALID_REVNUM(peg_revision)) + peg_revision = youngest; + } + + /* No END_REV? We'll use 0. */ + if (!SVN_IS_VALID_REVNUM(end_rev)) + end_rev = 0; + + if (end_rev > start_rev) return dav_svn__new_error_tag(resource->pool, HTTP_BAD_REQUEST, 0, "End revision must not be younger than " "start revision", SVN_DAV_ERROR_NAMESPACE, SVN_DAV_ERROR_TAG); - if (SVN_IS_VALID_REVNUM(peg_revision) - && SVN_IS_VALID_REVNUM(start_rev) - && (start_rev > peg_revision)) + if (start_rev > peg_revision) return dav_svn__new_error_tag(resource->pool, HTTP_BAD_REQUEST, 0, "Start revision must not be younger than " "peg revision", --- subversion-1.7.14/subversion/svnserve/serve.c +++ subversion-1.7.14/subversion/svnserve/serve.c @@ -2266,10 +2266,31 @@ abs_path = svn_fspath__join(b->fs_path->data, relative_path, pool); - if (SVN_IS_VALID_REVNUM(start_rev) - && SVN_IS_VALID_REVNUM(end_rev) - && (end_rev > start_rev)) + SVN_ERR(trivial_auth_request(conn, pool, b)); + SVN_ERR(log_command(baton, conn, pool, "%s", + svn_log__get_location_segments(abs_path, peg_revision, + start_rev, end_rev, + pool))); + + /* No START_REV or PEG_REVISION? We'll use HEAD. */ + if (!SVN_IS_VALID_REVNUM(start_rev) || !SVN_IS_VALID_REVNUM(peg_revision)) { + svn_revnum_t youngest; + + SVN_CMD_ERR(svn_fs_youngest_rev(&youngest, b->fs, pool)); + + if (!SVN_IS_VALID_REVNUM(start_rev)) + start_rev = youngest; + if (!SVN_IS_VALID_REVNUM(peg_revision)) + peg_revision = youngest; + } + + /* No END_REV? We'll use 0. */ + if (!SVN_IS_VALID_REVNUM(end_rev)) + end_rev = 0; + + if (end_rev > start_rev) + { err = svn_error_createf(SVN_ERR_INCORRECT_PARAMS, NULL, "Get-location-segments end revision must not be " "younger than start revision"); @@ -2276,9 +2297,7 @@ return log_fail_and_flush(err, b, conn, pool); } - if (SVN_IS_VALID_REVNUM(peg_revision) - && SVN_IS_VALID_REVNUM(start_rev) - && (start_rev > peg_revision)) + if (start_rev > peg_revision) { err = svn_error_createf(SVN_ERR_INCORRECT_PARAMS, NULL, "Get-location-segments start revision must not " @@ -2286,12 +2305,6 @@ return log_fail_and_flush(err, b, conn, pool); } - SVN_ERR(trivial_auth_request(conn, pool, b)); - SVN_ERR(log_command(baton, conn, pool, "%s", - svn_log__get_location_segments(abs_path, peg_revision, - start_rev, end_rev, - pool))); - /* All the parameters are fine - let's perform the query against the * repository. */