https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8108 http://subversion.apache.org/security/CVE-2014-8108-advisory.txt --- subversion-1.7.14/subversion/mod_dav_svn/repos.c.cve8108 +++ subversion-1.7.14/subversion/mod_dav_svn/repos.c @@ -506,6 +506,9 @@ parse_vtxnstub_uri(dav_resource_combined if (parse_txnstub_uri(comb, path, label, use_checked_in)) return TRUE; + if (!comb->priv.root.txn_name) + return TRUE; + comb->priv.root.vtxn_name = comb->priv.root.txn_name; comb->priv.root.txn_name = dav_svn__get_txn(comb->priv.repos, comb->priv.root.vtxn_name); @@ -574,6 +577,9 @@ parse_vtxnroot_uri(dav_resource_combined if (parse_txnroot_uri(comb, path, label, use_checked_in)) return TRUE; + if (!comb->priv.root.txn_name) + return TRUE; + comb->priv.root.vtxn_name = comb->priv.root.txn_name; comb->priv.root.txn_name = dav_svn__get_txn(comb->priv.repos, comb->priv.root.vtxn_name); @@ -919,6 +925,10 @@ prep_working(dav_resource_combined *comb point. */ if (txn_name == NULL) { + if (!comb->priv.root.activity_id) + return dav_svn__new_error(comb->res.pool, HTTP_BAD_REQUEST, 0, + "The request did not specify an activity ID"); + txn_name = dav_svn__get_txn(comb->priv.repos, comb->priv.root.activity_id); if (txn_name == NULL) @@ -1029,8 +1039,13 @@ prep_working(dav_resource_combined *comb static dav_error * prep_activity(dav_resource_combined *comb) { - const char *txn_name = dav_svn__get_txn(comb->priv.repos, - comb->priv.root.activity_id); + const char *txn_name; + + if (!comb->priv.root.activity_id) + return dav_svn__new_error(comb->res.pool, HTTP_BAD_REQUEST, 0, + "The request did not specify an activity ID"); + + txn_name = dav_svn__get_txn(comb->priv.repos, comb->priv.root.activity_id); comb->priv.root.txn_name = txn_name; comb->res.exists = txn_name != NULL;