[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: crash in 1.4.2 and https

From: Stefan Kng <tortoisesvn_at_gmail.com>
Date: 2006-11-13 19:20:17 CET

Ben Collins-Sussman wrote:
> Well, there must be some code somewhere that is calling the svn_auth.h
> API incorrectly. The API says that the client code should first call
> svn_auth_first_credentials(), which will either return creds or not.
> If creds are returned and fail to authenticate, then the caller can
> try fetching 'more' credentials by calling svn_auth_next_credentials()
> over and over, until we run out of creds (creds comes back as NULL.)
>
> If you look at the code to first_credentials(), the only time the
> iter_baton is set to NULL is when there are no creds at all. That
> means the some SSPI code must be calling next_credentials() even when
> first_credentials() returned nothing! That would very wrong. :-)
>
> I can't help with debugging the SSPI scenario, but perhaps we should
> patch next_credentials() to check that (iter_baton != NULL), and throw
> a real svn_error_t if it is.

What would happen if neon tries different auth methods while increasing
the 'attempt' value each time? Would that maybe cause this kind of
crash? Because as I understand, Subversion only calls
svn_auth_first_credentials() if 'attempt' is zero, but it should call
this for every 'new' auth method. I could be wrong here of course.

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.net
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Nov 13 19:20:36 2006

This is an archived mail posted to the Subversion Dev mailing list.