[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] mod_authz_svn crasher and logic error

From: Robert Spier <rspier_at_pobox.com>
Date: 2003-07-23 05:48:35 CEST

Sander (et al.)

  Apache 2.0.47 doesn't provide enough information to apr_parse_uri so
  it can parse something useful out of all uris. (see below)

  so.. this comparision will blow up:

     if (strcmp(parsed_dest_uri.hostname, r->parsed_uri.hostname)
        || strcmp(parsed_dest_uri.scheme, r->parsed_uri.scheme)) {

  hostname and scheme happen to be two that we don't necessarily get.

  so theres the following patch -- but I'm not sure I like it. It
  basically just falls through if it doesn't receive a hostname or
  scheme from apache. We could get the hostname from r->hostname, but
  this may have different meaning.

  Is there some deep apache juju that I'm missing?

-R

 * mod_authz_svn.c - fix a segfault and a logic error in the MOVE/COPY
   portion of the test (r->parsed_uri was not filled out and order of
   arguments to strncmp is important)

Index: mod_authz_svn.c
===================================================================
--- mod_authz_svn.c (revision 6536)
+++ mod_authz_svn.c (working copy)
@@ -307,8 +307,10 @@
 
     apr_uri_parse(r->pool, dest_uri, &parsed_dest_uri);
 
- if (strcmp(parsed_dest_uri.hostname, r->parsed_uri.hostname)
- || strcmp(parsed_dest_uri.scheme, r->parsed_uri.scheme)) {
+ if ((r->parsed_uri.hostname &&
+ strcmp(parsed_dest_uri.hostname, r->parsed_uri.hostname)) ||
+ (r->parsed_uri.scheme &&
+ strcmp(parsed_dest_uri.scheme, r->parsed_uri.scheme))) {
         /* Don't allow this, operation between different
         hosts/schemes.
          * XXX: Maybe we should DECLINE instead and rely on mod_dav
            to
          * XXX: throw an error.
@@ -317,7 +319,7 @@
     }
 
     dest_uri = parsed_dest_uri.path;
- if (!strncmp(conf->base_path, dest_uri, strlen(conf->base_path)))
     {
+ if (strncmp(dest_uri, conf->base_path, strlen(conf->base_path)))
     {
         /* If it is not the same location, then we don't allow it.
          * XXX: Instead we could compare repository uuids, but that
          * XXX: seems a bit over the top.

  

# r at entry to mod_authz_svn.c:auth_checker

$1 = {pool = 0x815bfb0, connection = 0x8144c58, server = 0x8103010,
  next = 0x0, prev = 0x0, main = 0x0,
  the_request = 0x815cca8 "PROPFIND /test/!svn/vcc/default HTTP/1.1",
  assbackwards = 0, proxyreq = 0, header_only = 0,
  protocol = 0x815cd50 "HTTP/1.1", proto_num = 1001,
  hostname = 0x815d3e0 "svn.test.org", request_time = 1058930544891680,
  status_line = 0x0, status = 200, method = 0x815ccf8 "PROPFIND",
  method_number = 8, allowed = 0, allowed_xmethods = 0x0,
  allowed_methods = 0x815c168, sent_bodyct = 0, bytes_sent = 0, mtime = 0,
  chunked = 0, range = 0x0, clength = 0, remaining = 0, read_length = 0,
  read_body = 0, read_chunked = 0, expecting_100 = 0, headers_in = 0x815c198,
  headers_out = 0x815c628, err_headers_out = 0x815c7d0,
  subprocess_env = 0x815c3e0, notes = 0x815c928, content_type = 0x0,
  handler = 0x0, content_encoding = 0x0, content_languages = 0x0,
  vlist_validator = 0x0, user = 0x815da10 "robert",
  ap_auth_type = 0x809c8e3 "Basic", no_cache = 0, no_local_copy = 0,
  unparsed_uri = 0x815cd20 "/test/!svn/vcc/default",
  uri = 0x815cd38 "/test/!svn/vcc/default",
  filename = 0x815d6f0 "/home/web/svn/htdocs/test",
  canonical_filename = 0x815d6f0 "/home/web/svn/htdocs/test",
  path_info = 0x815d651 "/!svn/vcc/default", args = 0x0, finfo = {
    pool = 0x815bfb0, valid = 7598448, protection = 1877,
    filetype = APR_NOFILE, user = 0, group = 0, inode = 1130586,
    device = 2055, nlink = 3, size = 4096, csize = 135646535,
    atime = 1058928852000000, mtime = 1053496878000000,
    ctime = 1053496878000000, fname = 0x815d6f0 "/home/web/svn/htdocs/test",
    name = 0x815cd38 "/test/!svn/vcc/default", filehand = 0x8103010},
  parsed_uri = {scheme = 0x0, hostinfo = 0x0, user = 0x0, password = 0x0,
    hostname = 0x0, port_str = 0x815d3f9 "8888",
    path = 0x815cd38 "/test/!svn/vcc/default", query = 0x0, fragment = 0x0,
    hostent = 0x0, port = 8888, is_initialized = 1, dns_looked_up = 0,
    dns_resolved = 0}, used_path_info = 2, per_dir_config = 0x815d8a0,
  request_config = 0x815ca80, htaccess = 0x0, output_filters = 0x815cc38,
  input_filters = 0x815cc20, proto_output_filters = 0x815cc38,
  proto_input_filters = 0x815cc20, eos_sent = 0}

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jul 23 05:49:28 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.