danielsh_at_tigris.org writes:
> Log:
> Follow up to r31884 with a NULL check.
>
> Patch by: kfogel
> me
Thanks. (Whew, I totally forgot that I'd never committed that!)
-Karl
> * subversion/libsvn_subr/simple_providers.c
> (simple_password_get): If username is NULL -- which can happen if
> someone manually edits the authn cache -- then return FALSE.
> (svn_auth__simple_first_creds_helper): Don't even try to get a password when
> we don't have a username.
>
> * subversion/include/private/svn_auth_private.h
> (svn_auth__password_get_t): Document that realmstring and username
> really ought not be NULL.
>
> Modified:
> trunk/subversion/include/private/svn_auth_private.h
> trunk/subversion/libsvn_subr/simple_providers.c
>
> Modified: trunk/subversion/include/private/svn_auth_private.h
> URL: http://svn.collab.net/viewvc/svn/trunk/subversion/include/private/svn_auth_private.h?pathrev=32023&r1=32022&r2=32023
> ==============================================================================
> --- trunk/subversion/include/private/svn_auth_private.h Mon Jul 7 12:33:07 2008 (r32022)
> +++ trunk/subversion/include/private/svn_auth_private.h Mon Jul 7 12:37:58 2008 (r32023)
> @@ -39,6 +39,7 @@ extern "C" {
> /* A function that stores in *PASSWORD (potentially after decrypting it)
> the user's password. It might be obtained directly from CREDS, or
> from an external store, using REALMSTRING and USERNAME as keys.
> + (The behavior is undefined if REALMSTRING or USERNAME are NULL.)
> If NON_INTERACTIVE is set, the user must not be involved in the
> retrieval process. POOL is used for any necessary allocation. */
> typedef svn_boolean_t (*svn_auth__password_get_t)
>
> Modified: trunk/subversion/libsvn_subr/simple_providers.c
> URL: http://svn.collab.net/viewvc/svn/trunk/subversion/libsvn_subr/simple_providers.c?pathrev=32023&r1=32022&r2=32023
> ==============================================================================
> --- trunk/subversion/libsvn_subr/simple_providers.c Mon Jul 7 12:33:07 2008 (r32022)
> +++ trunk/subversion/libsvn_subr/simple_providers.c Mon Jul 7 12:37:58 2008 (r32023)
> @@ -67,7 +67,7 @@ simple_password_get(const char **passwor
> svn_string_t *str;
> str = apr_hash_get(creds, SVN_AUTH__AUTHFILE_USERNAME_KEY,
> APR_HASH_KEY_STRING);
> - if (str && strcmp(str->data, username) == 0)
> + if (str && username && strcmp(str->data, username) == 0)
> {
> str = apr_hash_get(creds, SVN_AUTH__AUTHFILE_PASSWORD_KEY,
> APR_HASH_KEY_STRING);
> @@ -152,7 +152,7 @@ svn_auth__simple_first_creds_helper(void
> username = str->data;
> }
>
> - if (! password)
> + if (username && ! password)
> {
> svn_boolean_t have_passtype;
> /* The password type in the auth data must match the
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: svn-unsubscribe_at_subversion.tigris.org
> For additional commands, e-mail: svn-help_at_subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-07-07 21:43:06 CEST