You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30 lines
1.1 KiB
30 lines
1.1 KiB
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3528 |
|
|
|
http://subversion.apache.org/security/CVE-2014-3528-advisory.txt |
|
|
|
http://svn.apache.org/viewvc?view=revision&revision=r1615193 |
|
|
|
--- subversion-1.7.14/subversion/libsvn_subr/config_auth.c.cve3528 |
|
+++ subversion-1.7.14/subversion/libsvn_subr/config_auth.c |
|
@@ -90,6 +90,7 @@ svn_config_read_auth_data(apr_hash_t **h |
|
if (kind == svn_node_file) |
|
{ |
|
svn_stream_t *stream; |
|
+ svn_string_t *stored_realm; |
|
|
|
SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool), |
|
_("Unable to open auth file for reading")); |
|
@@ -100,6 +101,12 @@ svn_config_read_auth_data(apr_hash_t **h |
|
apr_psprintf(pool, _("Error parsing '%s'"), |
|
svn_dirent_local_style(auth_path, pool))); |
|
|
|
+ stored_realm = apr_hash_get(*hash, SVN_CONFIG_REALMSTRING_KEY, |
|
+ APR_HASH_KEY_STRING); |
|
+ |
|
+ if (!stored_realm || strcmp(stored_realm->data, realmstring) != 0) |
|
+ *hash = NULL; /* Hash collision, or somebody tampering with storage */ |
|
+ |
|
SVN_ERR(svn_stream_close(stream)); |
|
} |
|
|
|
|