[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Dodgy ssl code

From: Philip Martin <philip_at_codematters.co.uk>
Date: 2003-03-26 23:52:30 CET

Hello

I noticed the following while preparing r5480.

The functions server_ssl_callback, client_ssl_keypw_callback,
client_ssl_callback in libsvn_ra_dav/session.c don't handle errors
properly. They all call svn_auth_xxx functions and ignore any
svn_error_t* that is returned. This has two problems: the first is
that there is a resource leak because svn_error_clear is not called.
The second is more serious, if an error is returned it is foolish to
assume that the credentials are valid, the pointer may be invalid and
using it may cause a SEGV.

-- 
Philip Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Mar 26 23:53:13 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.