[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn+ssh crash on checkout

From: Julian Foad <julianfoad_at_btopenworld.com>
Date: Fri, 19 Dec 2008 11:33:22 +0000

On Fri, 2008-12-19 at 10:23 +0000, Julian Foad wrote:
> On Fri, 2008-12-19 at 00:11 -0600, Hyrum K. Wright wrote:
> > I just attempted to checkout a working copy via svn+ssh:
> >
> > hyrum-wrights-macbook-pro:dev Hyrum$ svnd co svn+ssh://example.com/var/svn/sdp out
> > hwright_at_example.com's password:
> > Bus error

Please test this fix:

[[[
Fix a crash in Cyrus SASL auth support. From looking at the history it
appears that the bug lay dormant until r33866 which started passing strings
that are actually unmodifiable.

Found by: hwright

* subversion/libsvn_ra_svn/cyrus_auth.c
  (try_auth): Don't try to modify a constant string; allocate a new one.
--This line, and those below, will be ignored--

Index: subversion/libsvn_ra_svn/cyrus_auth.c
===================================================================
--- subversion/libsvn_ra_svn/cyrus_auth.c (revision 34826)
+++ subversion/libsvn_ra_svn/cyrus_auth.c (working copy)
@@ -401,10 +401,12 @@ static svn_error_t *try_auth(svn_ra_svn_
             /* For anything else, delete the mech from the list
                and try again. */
             {
- char *dst = strstr(mechstring, mech);
- char *src = dst + strlen(mech);
- while ((*dst++ = *src++) != '\0')
- ;
+ const char *pmech = strstr(mechstring, mech);
+ const char *head = apr_pstrndup(pool, mechstring,
+ pmech - mechstring);
+ const char *tail = pmech + strlen(mech);
+
+ mechstring = apr_pstrcat(pool, head, tail, NULL);
               again = TRUE;
             }
         }
]]]

It adds two pool allocations per mechanism, but I think it's clearer and
unless I'm much mistaken these auth's won't be performed huge numbers of
times in a tight loop.

r33866 was:
[[[
------------------------------------------------------------------------
r33866 | glasser | 2008-10-23 18:53:32 +0100 (Thu, 23 Oct 2008) | 13 lines

Fix regression in 1.5.x which made ra_svn clients compiled against Cyrus
use ANONYMOUS even if EXTERNAL was available.

* subversion/libsvn_ra_svn/cyrus_auth.c
  (svn_ra_svn__do_cyrus_auth): Prefer EXTERNAL to ANONYMOUS.
[...]
]]]

I haven't yet checked whether r33866 has been back-ported, and so
whether this fix need to be back-ported.

- Julian

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=987356
Received on 2008-12-19 12:28:47 CET

This is an archived mail posted to the Subversion Dev mailing list.