
Re: svn commit: r1476366 - /subversion/trunk/subversion/svn/props.c

From: Julian Foad <julianfoad_at_btopenworld.com>
Date: Sat, 27 Apr 2013 17:25:36 +0100 (BST)

Daniel Shahaf wrote:

>> URL: http://svn.apache.org/r1476366
>> Log:
>> * subversion/svn/props.c
>>   (svn_cl__check_svn_prop_name): Eliminate an unsafe printf format string
>>     by using svn_error_create() instead of svn_error_createf().
>
> unsafe printf string == heap underflow == potential segfault == backport
> candidate?

I couldn't find a way to trigger it, since putting '%' in a property name leads to the property name being rejected as invalid earlier on.

So I don't think there is an actual security risk here. We might want to backport in order to avoid the compiler warning and avoid fear, uncertainty and doubt when people see this.

I'll nominate it.

- Julian

>> -      return svn_error_createf(
>> +      return svn_error_create(
>>           SVN_ERR_CLIENT_PROPERTY_NAME, NULL,
>>           wrong_prop_error_message(prop_use, propname, scratch_pool));
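Review bot: The switch from svn_error_createf() to svn_error_create() is the correct fix for this call, because the string returned by wrong_prop_error_message(prop_use, propname, scratch_pool) embeds the user-supplied propname and was being passed in the format-string position, where any '%' in the name would be interpreted as a conversion; svn_error_create() takes the message verbatim. Since the log entry says the exposure depends on property-name validation happening earlier, consider adding a regression test that drives a name containing '%' through svn_cl__check_svn_prop_name(), so a future change to that validation cannot silently reintroduce the format-string path.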
Received on 2013-04-27 18:26:31 CEST
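The pattern discussed in this thread, as an added illustration that is not code from the Subversion project or from either poster: a message that embeds a user-controlled property name must be handed to a verbatim constructor (the svn_error_create() side of the commit), never used as the format argument of a printf-style constructor (the svn_error_createf() side). The helper bodies below, the buffer-based stand-ins for the two constructors, the message text and the simplified property-name rule are all assumptions made for the example; Subversion's real validation lives in svn_prop_name_is_valid().

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for svn_error_create(): the message is copied verbatim, so a
   '%' inside it is just a character.  Returns the message length. */
static int create_error(char *out, size_t cap, const char *msg)
{
    snprintf(out, cap, "%s", msg);
    return (int)strlen(out);
}

/* Builds the diagnostic that embeds a user-controlled property name, in the
   role wrong_prop_error_message() plays in the committed code.  The text is
   an assumption for this example, not Subversion's wording. */
static const char *wrong_prop_error_message(char *buf, size_t cap,
                                            const char *prop_use,
                                            const char *propname)
{
    snprintf(buf, cap, "'%s' is not a valid property name for %s",
             propname, prop_use);
    return buf;
}

/* True when S contains a '%' that a printf engine would treat as a
   conversion, i.e. when S must not be used as a format string.  A doubled
   "%%" is a literal percent sign and is not flagged. */
static bool has_unescaped_conversion(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* "%%": skip the pair */
            s++;
            continue;
        }
        return true;
    }
    return false;
}

/* Simplified version of the earlier validation Julian refers to: a name
   starts with a letter, ':' or '_' and continues with letters, digits or
   "-.:_".  A '%' is therefore rejected before any message is built.
   (Assumption; see svn_prop_name_is_valid() for the real rule.) */
static bool prop_name_is_valid(const char *name)
{
    if (name == NULL || *name == '\0')
        return false;
    if (!(isalpha((unsigned char)*name) || *name == ':' || *name == '_'))
        return false;
    for (const char *p = name + 1; *p; p++)
        if (!(isalnum((unsigned char)*p) || strchr("-.:_", *p)))
            return false;
    return true;
}

/* The shape of the fixed call in r1476366: the already-formatted message
   goes to the non-formatting constructor, so a '%' in PROPNAME is never
   interpreted.  Returns the message length. */
static int report_wrong_prop_safe(char *out, size_t cap,
                                  const char *prop_use, const char *propname)
{
    char msg[256];
    return create_error(out, cap,
                        wrong_prop_error_message(msg, sizeof msg,
                                                 prop_use, propname));
}

int main(void)
{
    char out[256];
    const char *name = "svn:ign%ore";   /* constructed input containing '%' */

    printf("valid property name: %s\n", prop_name_is_valid(name) ? "yes" : "no");
    printf("unsafe as a format string: %s\n",
           has_unescaped_conversion(name) ? "yes" : "no");
    report_wrong_prop_safe(out, sizeof out, "propset", name);
    printf("%s\n", out);
    return 0;
}
```

Compiling the formatting stand-in with a non-literal format would also be where `-Wformat-security` fires, which is the compiler warning Julian mentions; the verbatim path above produces no such warning because the only format strings are literals.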

This is an archived mail posted to the Subversion Dev mailing list.