Hello,
I didn't like to commit this just by myself because this is a security-related
change. However, it should be OK, but please review. Thanks.
BR, Jani
Log:
With combination mod_dav_svn + mod_authz_svn + SVNParentPath you get
'500 Internal Server Error', when mod_dav_svn's dav_svn_split_uri
originally returned '403 Forbidden'. This happens when you access the
root of SVNParentPath. Replay forward dav_svn_split_uri's return
value iff it won't clash with our access related return codes.
* subversion/mod_authz_svn/mod_authz_svn.c
(req_check_access): if dav_svn_split_uri's error code didn't clash with
our access related values, replay it forward.
Index: subversion/mod_authz_svn/mod_authz_svn.c
===================================================================
--- subversion/mod_authz_svn/mod_authz_svn.c (revision 11042)
+++ subversion/mod_authz_svn/mod_authz_svn.c (working copy)
@@ -366,7 +366,9 @@
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"%s [%d, #%d]",
dav_err->desc, dav_err->status, dav_err->error_id);
- return HTTP_INTERNAL_SERVER_ERROR;
+ /* Ensure that we never allow access by dav_err->status */
+ return (dav_err->status != OK && dav_err->status != DECLINED) ?
+ dav_err->status : HTTP_INTERNAL_SERVER_ERROR;
}
/* Ignore the URI passed to MERGE, like mod_dav_svn does.
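Review bot: The new return in this hunk filters dav_err->status with a deny-list of only OK and DECLINED, so every other value is handed back to the request as-is, including httpd's DONE (-2, "request fully handled") and any 2xx or 3xx status that might end up in the error structure. Since this is the authorization hook, an allow-list is the safer shape: forward the status only when it is a real HTTP error, for example by testing ap_is_HTTP_ERROR(dav_err->status), and fall back to HTTP_INTERNAL_SERVER_ERROR otherwise. The comment above the return should then name the values that are rejected and why, because "never allow access by dav_err->status" does not tell the next reader which codes would grant access.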
@@ -417,7 +419,9 @@
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"%s [%d, #%d]",
dav_err->desc, dav_err->status, dav_err->error_id);
- return HTTP_INTERNAL_SERVER_ERROR;
+ /* Ensure that we never allow access by dav_err->status */
+ return (dav_err->status != OK && dav_err->status != DECLINED) ?
+ dav_err->status : HTTP_INTERNAL_SERVER_ERROR;
}
if (dest_repos_path)
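Review bot: The three-line return added here is a verbatim copy of the one in the hunk at -366, so any later tightening of the check has to be made in both places to keep the source and destination URI paths consistent. Please move it into one small static helper in mod_authz_svn.c that takes the dav_error and returns the status to use, and call that from both sites. Separately, the ap_log_rerror call just above still logs at APLOG_ERR even when the result is now an ordinary 403 for the SVNParentPath root, which will put an error-level line in the log for every such request; consider lowering the level when the forwarded status is a client error.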
--
Jani Averbach
Received on Sat Sep 18 20:12:12 2004