[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

bug in new plaintext auth-prompt warning

From: Ben Collins-Sussman <sussman_at_red-bean.com>
Date: Tue, 10 Jun 2008 10:35:22 -0500

I love that our new svn_cmdline_auth_plaintext_prompt() screams murder
about storing the password in plaintext! However, I ran into a bug
this morning with it. svnmucc was passing a NULL prompt baton into it
(which seems legitimate to me), and the function was just blindly
dereferencing the baton to find the user's config_path. I made a
small patch below which conditionalizes the printing of the
config_path text. It fixes the svnmucc segfault. Any objections to
my committing this?

(I'm asking before I commit, since I've not been paying detailed
attention to this new feature.)

Index: subversion/libsvn_subr/prompt.c
--- subversion/libsvn_subr/prompt.c (revision 31680)
+++ subversion/libsvn_subr/prompt.c (working copy)
@@ -390,11 +390,12 @@
   svn_boolean_t answered = FALSE;
   const char *prompt_string = _("Store password unencrypted (yes/no)? ");
   svn_cmdline_prompt_baton2_t *pb = baton;
- const char *config_path;
- SVN_ERR(svn_config_get_user_config_path(&config_path, pb->config_dir,
+ const char *config_path = NULL;

+ if (pb)
+ SVN_ERR(svn_config_get_user_config_path(&config_path, pb->config_dir,
   SVN_ERR(svn_cmdline_fprintf(stderr, pool,
     "ATTENTION! Your password for authentication realm:\n"
@@ -404,13 +405,19 @@
     "can only be stored to disk unencrypted! You are advised to configure\n"
     "your system so that Subversion can store passwords encrypted, if\n"
     "possible. See the documentation for details.\n"
- "\n"
- "You can avoid future appearances of this warning by setting the value\n"
- "of the 'store-plaintext-passwords' option to either 'yes' or 'no' in\n"
- "'%s'.\n"
- "-----------------------------------------------------------------------\n"
- ), realmstring, config_path));
+ ), realmstring));

+ if (config_path)
+ SVN_ERR(svn_cmdline_fprintf(stderr, pool,
+ _("\n"
+ "You can avoid future appearances of this warning by setting
the value\n"
+ "of the 'store-plaintext-passwords' option to either 'yes' or 'no' in\n"
+ "'%s'.\n"
+ ), realmstring));
+ SVN_ERR(svn_cmdline_fprintf(stderr, pool,
+ "-----------------------------------------------------------------------\n"));
       svn_error_t *err = prompt(&answer, prompt_string, FALSE, pb, pool);

To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-06-10 17:35:37 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.