
[PATCH] Better handling of wrong passwords or no passwords for client certificates.

From: Ben Reser <ben_at_reser.org>
Date: 2003-11-27 06:01:24 CET

* subversion/libsvn_ra_dav/session.c
  (client_ssl_callback): Check return value of ne_ssl_clicert_decrypt.
  If the wrong password is given to decrypt then ne_ssl_set_clicert will
  segfault.

  (client_ssl_callback): When returning due to lack of password or
  bad password be sure to still destroy the pool.

Index: subversion/libsvn_ra_dav/session.c
===================================================================
--- subversion/libsvn_ra_dav/session.c (revision 7859)
+++ subversion/libsvn_ra_dav/session.c (working copy)
@@ -289,9 +289,16 @@
               char pw[128];
               if (client_ssl_keypw_callback(userdata, pw, 128))
                 {
- return; /* no password given */
+ /* no password given */
+ apr_pool_destroy(pool);
+ return;
                 }
- ne_ssl_clicert_decrypt(clicert, pw);
+ if (ne_ssl_clicert_decrypt(clicert, pw))
+ {
+ /* wrong pass probably */
+ apr_pool_destroy(pool);
+ return;
+ }
               ne_ssl_set_clicert(sess, clicert);
             }
           else if (clicert != NULL)
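
Review bot: The new `if (ne_ssl_clicert_decrypt(clicert, pw))` branch and the "no password given" branch both return while `pw[128]` still holds whatever the user typed, and the success path leaves the block after `ne_ssl_set_clicert(sess, clicert);` without clearing it either, so the key passphrase stays on the stack in all three cases. Consider zeroing the buffer (in a way the compiler will not optimise away) before each exit. Since the two failure branches now repeat `apr_pool_destroy(pool); return;`, routing them through one cleanup point would give a single place to do both and make it harder for a later early return to skip the pool destroy again. Two smaller points: passing `sizeof(pw)` instead of the literal `128` to `client_ssl_keypw_callback` keeps the size tied to the declaration, and the "wrong pass probably" path returns silently, so the caller cannot distinguish a failed decrypt from having no client certificate configured; a comment stating that this is intended, or some reported error, would help.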

-- 
Ben Reser <ben@reser.org>
http://ben.reser.org
"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken
Received on Thu Nov 27 06:18:58 2003

This is an archived mail posted to the Subversion Dev mailing list.
