[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Another crash in ra_serf in 1.8.0

From: Greg Stein <gstein_at_gmail.com>
Date: Thu, 20 Jun 2013 16:30:04 -0400

On Thu, Jun 20, 2013 at 2:19 PM, Stefan KŁng <tortoisesvn_at_gmail.com> wrote:
> Hi,
>
> Another crash that's climbing up in the crash report statistics for TSVN.
> Seems to be related to the previously discussed problem with checkouts in
> TSVN.
>
> The stack trace:
>
> BowPad
>
> libsvn_tsvn.dll!svn_ra_serf__credentials_callback(char * *
> username=0xffffffffffffffff, char * * password=0x0000000002ba0210,
> serf_request_t * request=0x0000000002ba0280, void *
> baton=0x0000000002c12588, int code=407, const char *
> authn_type=0x000007fee0bf0b58, const char * realm=0x0000000002c12b60,
> apr_pool_t * pool=0x0000000002bb8258) Line 1789 C

The 407 code means a proxy authorization is needed.

The problem in this stack frame is the username address. It clearly
has a problematic value. It should only be about four bytes off from
the password value.

> libsvn_tsvn.dll!serf__handle_basic_auth(int code=-524813808, serf_request_t
> * request=0x0000000002ba8368, serf_bucket_t * response=0x0000000000000001,
> const char * auth_hdr=0x0000000002bb30be, const char *
> auth_attr=0x0000000002bb30be, void * baton=0x0000000002bac270, apr_pool_t *
> pool=0x0000000002ba0198) Line 89 C

The code parameter in this traceback is clearly incorrect. It should
be 407, just like what got passed to the callback.

Either these tracebacks are wonky, or there may be some stack smashing
going on. Stefan?

>...
> The crash is in libsvn_ra_serf\util.c, Snippet
> svn_ra_serf__credentials_callback, line 1789:
> BowPad *username = apr_pstrdup(pool, session->proxy_username);
> *password = apr_pstrdup(pool, session->proxy_password);

Was session bad? Or was the proxy_username bad?

Thx,
-g
Received on 2013-06-20 22:30:36 CEST

This is an archived mail posted to the Subversion Dev mailing list.