On 1/10/14, 11:22 PM, Ben Reser wrote:
> On 1/10/14, 4:19 AM, Philip Martin wrote:
>> It is not fixed. If you look a few lines down we pass a NULL path:
>>
>> apr_text_append(resource->pool, option,
>> dav_svn__build_uri(resource->info->repos,
>> DAV_SVN__BUILD_URI_ACT_COLLECTION,
>> SVN_INVALID_REVNUM, NULL,
>> 1 /* add_href */,
>> resource->pool));
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> [Switching to Thread 0x7f318b7fe700 (LWP 21796)]
>> 0x00007f319a42a391 in dav_svn__build_uri (repos=0x7f3196f682b0,
>> what=DAV_SVN__BUILD_URI_ACT_COLLECTION, revision=-1, path=0x0, add_href=1,
>> pool=0x7f3196f6c028) at ../src/subversion/mod_dav_svn/util.c:244
>> 244 if (root_path[0] == '/' && root_path[1] == '\0')
>> (gdb) p root_path
>> $1 = 0x0
>> (gdb) up
>> #1 0x00007f319a42bc2f in get_option (resource=0x7f3196f68330,
>> elem=0x7f3196f68728, option=0x7f318b7fdb00)
>> at ../src/subversion/mod_dav_svn/version.c:188
>> 188 apr_text_append(resource->pool, option,
>
> I reverted Bert's fix and applied a better one in r1557320.
This issue has been assigned CVE-2014-0032
Received on 2014-01-13 00:44:33 CET