Dodgy ssl code

From: Philip Martin <philip_at_codematters.co.uk>
Date: 2003-03-26 23:52:30 CET

Hello

I noticed the following while preparing r5480.

The functions server_ssl_callback, client_ssl_keypw_callback,
client_ssl_callback in libsvn_ra_dav/session.c don't handle errors
properly. They all call svn_auth_xxx functions and ignore any
svn_error_t* that is returned. This has two problems: the first is
that there is a resource leak because svn_error_clear is not called.
The second is more serious, if an error is returned it is foolish to
assume that the credentials are valid, the pointer may be invalid and
using it may cause a SEGV.

-- 
Philip Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Wed Mar 26 23:53:13 2003

This message: [ Message body ]
Next message: kfogel_at_collab.net: "Re: svn commit: rev 5476 - in trunk/subversion: bindings/ruby clients/cmdline include libsvn_fs libsvn_fs/bdb libsvn_fs/util libsvn_ra_dav libsvn_ra_svn libsvn_repos libsvn_subr mod_dav_svn tests/libsvn_fs"
Previous message: Matt Kraai: "Re: [Issue 1160] Changed - svnserve crashes while client is doing a merge"
Next in thread: Ben Collins-Sussman: "Re: Dodgy ssl code"
Reply: Ben Collins-Sussman: "Re: Dodgy ssl code"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]