[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH] mod_authz_svn crasher and logic error

From: Robert Spier <rspier_at_pobox.com>
Date: 2003-07-23 00:26:00 CEST

Long(er) Explanation:

  I was getting apache segfaults when users were attempting to perform
  tag operations via copy. After much pain (is this the worker mpm's
  fault? httpd -X seems to be ignored) I was able to track it down to
  mod_authz_svn. r->parsed_uri isn't getting filled out - and
  parsed_dest_uri wasn't being used for anything.. so I used it.
  While making that work, the logic for the strncmp was backwards.


Log Message:

 * mod_authz_svn.c - fix a segfault and a logic error in the MOVE/COPY
   portion of the test (r->parsed_uri was not filled out and order of
   arguments to strncmp is important)

Index: mod_authz_svn.c
--- mod_authz_svn.c (revision 6536)
+++ mod_authz_svn.c (working copy)
@@ -307,8 +307,8 @@
     apr_uri_parse(r->pool, dest_uri, &parsed_dest_uri);
- if (strcmp(parsed_dest_uri.hostname, r->parsed_uri.hostname)
- || strcmp(parsed_dest_uri.scheme, r->parsed_uri.scheme)) {
+ if (strcmp(parsed_dest_uri.hostname, parsed_dest_uri.hostname)
+ || strcmp(parsed_dest_uri.scheme, parsed_dest_uri.scheme)) {
         /* Don't allow this, operation between different
          * XXX: Maybe we should DECLINE instead and rely on mod_dav
          * XXX: throw an error.
@@ -317,7 +317,7 @@
     dest_uri = parsed_dest_uri.path;
- if (!strncmp(conf->base_path, dest_uri, strlen(conf->base_path))) {
+ if (strncmp(dest_uri, conf->base_path, strlen(conf->base_path))) {
         /* If it is not the same location, then we don't allow it.
          * XXX: Instead we could compare repository uuids, but that
          * XXX: seems a bit over the top.

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jul 23 00:26:53 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.