Good morning Senthil,
Senthil Kumaran S wrote on Fri, 16 May 2008 at 16:19 +0530:
> Hi,
>
Thanks for your patience with this patch. I'll look at it now.
> I am attaching a patch along with this email which fixes issue #2242.
>
> [[[
> Fix issue #2242.
>
> auth cache picking up password from wrong username entry.
>
> * subversion/libsvn_subr/simple_providers.c
> (simple_password_get): Validate the username for which we get the password.
>
> Patch by: stylesen
> ]]]
>
> Thank You.
Okay, I compiled with it and it fixes the issue for me over svn://. (I
first tested over file:// and almost said it was broken, when I realised
I should test over svn://.) Two questions:
> Index: subversion/libsvn_subr/simple_providers.c
> ===================================================================
> --- subversion/libsvn_subr/simple_providers.c (revision 31223)
> +++ subversion/libsvn_subr/simple_providers.c (working copy)
> @@ -97,12 +97,17 @@
> apr_pool_t *pool)
> {
> svn_string_t *str;
> - str = apr_hash_get(creds, SVN_AUTH__AUTHFILE_PASSWORD_KEY,
> + str = apr_hash_get(creds, SVN_AUTH__AUTHFILE_USERNAME_KEY,
> APR_HASH_KEY_STRING);
> - if (str && str->data)
> + if (strcmp(str->data, username) == 0)
^
Can STR be NULL here? I prefer
str = apr_hash_get(creds, SVN_AUTH__AUTHFILE_USERNAME_KEY,
APR_HASH_KEY_STRING);
if (str && strcmp(str->data, username) == 0)
> {
> - *password = str->data;
> - return TRUE;
> + str = apr_hash_get(creds, SVN_AUTH__AUTHFILE_PASSWORD_KEY,
> + APR_HASH_KEY_STRING);
> + if (str && str->data)
> + {
> + *password = str->data;
> + return TRUE;
> + }
> }
> return FALSE;
> }
>
Can you write a regression test?
Thanks,
Daniel
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-06-26 07:39:45 CEST