mod_dav_svn consumed all memory during a large commit upload and crashed my linux server

My linux server recently crashed during the commit upload of a very
large subversion repository (300MB of source code) over http with
mod_dav_svn. The server crashed because memory use suddenly expanded
exponentially and I am certain that the subversion application caused
the spike in memory usage and the resulting crash. I am running version
1.6.6 (r40053) of subversion and mod_dav_svn on a CentOS 5.4 server.
You can view a graph of the memory usage of my server during this event at:

http://dickens.com/images/svn-memory-crash.png

You can see the memory consumption start to increase at approximately
5:30PM and the machine subsequently ran out of memory, seized up and
crashed at approximately 6:00PM. The memory consumption on this graph
coincides exactly with the commit of a very large subversion repository
over http using mod_dav_svn. FWIW, the commit upload was from a slow
(3MB) DSL connection.

So, my questions are:

1) Is this a known bug in Subversion 1.6.6? I have found references to
this bug in earlier versions but I cannot find any reference to this in
version 1.6.6.

2) What is the recommended fix for this bug, band-aids or otherwise? How
do I protect my server from this happening again?

3) Is the following exploit, that takes advantage of this bug in earlier
versions of subversion, still a problem for version 1.6.6?:

http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&viewType=browseAll&dsMessageId=2358435#messagefocus
http://milw0rm.com/exploits/8842

Many thanks for any replies,

Gordon Dickens

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2413861

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-11-02 17:09:02 CET