[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: crash in 1.4.2 and https

From: Ben Collins-Sussman <sussman_at_red-bean.com>
Date: 2006-11-13 16:21:56 CET

Well, there must be some code somewhere that is calling the svn_auth.h
API incorrectly. The API says that the client code should first call
svn_auth_first_credentials(), which will either return creds or not.
If creds are returned and fail to authenticate, then the caller can
try fetching 'more' credentials by calling svn_auth_next_credentials()
over and over, until we run out of creds (creds comes back as NULL.)

If you look at the code to first_credentials(), the only time the
iter_baton is set to NULL is when there are no creds at all. That
means the some SSPI code must be calling next_credentials() even when
first_credentials() returned nothing! That would very wrong. :-)

I can't help with debugging the SSPI scenario, but perhaps we should
patch next_credentials() to check that (iter_baton != NULL), and throw
a real svn_error_t if it is.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Nov 13 16:22:16 2006

This is an archived mail posted to the Subversion Dev mailing list.