[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH] Fix integer overflow in svn_auth.h

From: Justin Erenkrantz <justin_at_erenkrantz.com>
Date: 2003-10-25 01:57:49 CEST

My compiler (Sun Forte) gave me:

"../../subversion/subversion/libsvn_ra_dav/session.c", line 138: warning:
integer overflow detected: op "<<" (E_INTEGER_OVERFLOW_DETECTED)

session.c line 138 is:

svn_failures |= SVN_AUTH_SSL_OTHER;

SVN_AUTH_SSL_OTHER is defined as (1<<31), which is -2147483648. I think
the or will lose/obscure all of the other status values - which based on
my reading, isn't quite right (and is an overflow condition). So, I think
it should be (1<<30).

But, svn_auth.h has this above the #define's:

 * Note that these values are stored in the on disk auth cache by the
 * SSL server certificate auth provider, so the meaning of these bits
 * must not be changed without careful consideration.

So, what to do? Yet, I propose to change it as follows. -- justin

Index: subversion/include/svn_auth.h
--- subversion/include/svn_auth.h (revision 7517)
+++ subversion/include/svn_auth.h (working copy)
@@ -277,7 +277,7 @@
 #define SVN_AUTH_SSL_EXPIRED (1<<1)
 #define SVN_AUTH_SSL_UNKNOWNCA (1<<3)
-#define SVN_AUTH_SSL_OTHER (1<<31)
+#define SVN_AUTH_SSL_OTHER (1<<30)

 typedef svn_error_t *(*svn_auth_ssl_server_trust_prompt_func_t) (
   svn_auth_cred_ssl_server_trust_t **cred,

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 25 01:58:28 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.