[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: NULL-pointer access in RC5

From: Lieven Govaerts <svnlgo_at_mobsol.be>
Date: Sat, 07 Jun 2008 11:05:22 +0200

Stefan Küng wrote:
> Stefan Küng wrote:
>> Lieven Govaerts wrote:
>>> I've looked at the code and the only possible situation I can think
>>> of that can lead to this stacktrace is when in handle_basic_auth,
>>> svn_auth_first_credentials returns an error. If that happens,
>>> session->realm will be set, but the auth_state will be (most likely)
>>> NULL.That's okay if that error is raised to the user, but I've
>>> noticed we just ignore it in svn_ra_serf__handle_auth.
>> Seems correct. I don't have much information about the crash report
>> (I only have the crash dump file, no additional information).
>>> Now I don't know how to reproduce this yet, but I have found that if
>>> I keep supplying wrong credentials on the command line, after 3
>>> times svn will hang using 100% cpu. I have a fix for that in my
>>> trunk working copy, which also fixes the ignored error problem. As
>>> soon as I get my NTLM+Basic setup working again I'll test and commit.
>>> I suppose you don't have the possibility to check if that fix will
>>> solve this issue?
>> I'll try contacting the person which sent the crash dump and see if I
>> can send him/her an updated version of TSVN to test. But usually the
>> people who sent the reports don't answer mails asking for more
>> information.
> Some more information:
> The user tried to get a lock on a file, but then cancelled when asked
> for authentication.
> TSVN sets the
> svn_auth_cred_username_t **cred
> param of the userprompt callback to
> *cred = NULL
> Maybe that helps?
Yes it does. If you set creds to NULL, svn_auth_first_credentials will
set auth_state to NULL. This causes the crash on the next request.
There's no error involved as I thought earlier.

I've committed a fix for trunk in r31619 and will propose it for
backporting to 1.5.1.


To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-06-07 11:05:41 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.