Re: svn_auth_cred_simple_t crash

Ben Collins-Sussman wrote:
>
> On Mar 13, 2005, at 7:48 AM, Martin Hauner wrote:
>
>> Hi,
>>
>> if i set 'const char *password' in 'svn_auth_cred_simple_t' to 0
>> subversion crashes in cram.c compute_digest (called from
>> svn_ra_svn__cram_client) when running strlen on the password (on 1.1.x
>> branch).
>>
>> This happens in my (client) code when the user does not enter a
>> password in
>> the prompt dialog.
>>
>> The code should check the pointer first.
>>
>
> Why do you say that?

I would prefer it that way ;)

> The various svn_auth.h APIs promise to either
> return a "good" cred_simple_t structure, or NULL. I think it's
> completely reasonable for code that receives a non-NULL cred_simple_t
> structure to assume that the structure is complete.

The description for svn_auth_cred_simple_t in svn_auth.h doesn't state
that username or password have to be not 0. And there is no problem with
passing 0 as username.

If you think it should be not 0, i can create a doc patch for it.

> I would argue that the bug is in your client. If the user doesn't enter
> a password, then it should return a credentials structure with password
> = "".

Sure, that's the way i avoid the crash. But it would be less code on my
side if the svn lib would do the check :)

-- 
Martin
Subcommander, http://subcommander.tigris.org
a x-platform Win32/Unix svn gui (qt) client & a text diff/merge tool.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org