[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [patch] Fix libsvn_auth_kwallet crash, use-after-free

From: James McCoy <jamessan_at_debian.org>
Date: Wed, 2 Sep 2015 22:00:04 -0400

On Wed, Sep 02, 2015 at 11:16:29AM +0200, Bert Huijben wrote:
> > -----Original Message-----
> > From: James McCoy [mailto:jamessan_at_debian.org]
> > Sent: woensdag 2 september 2015 06:00
> > To: dev_at_subversion.apache.org
> > Subject: [patch] Fix libsvn_auth_kwallet crash, use-after-free
> >
> > In Launchpad[0], it was reported that svn will crash when using the
> > Kwallet integration to store the password during a checkout. Jens
> > Jorgensen provided the attached patch, which resolves the issue for me.
> >
> > At the time, Jens mentioned that subsequent svn commands would still
> > prompt for the password, but I haven't been able to reproduce that.
>
> Hi James,
>
> I reviewed the original code after this bug report and tried to apply a few more cleanups.
>
> Can you verify if the patch in https://svn.apache.org/r1700740 fixes this problem?

With the below change, it does:

Index: subversion/libsvn_auth_kwallet/kwallet.cpp
===================================================================
--- subversion/libsvn_auth_kwallet/kwallet.cpp (revision 1700924)
+++ subversion/libsvn_auth_kwallet/kwallet.cpp (working copy)
@@ -47,6 +47,7 @@
 #include "svn_auth.h"
 #include "svn_config.h"
 #include "svn_error.h"
+#include "svn_hash.h"
 #include "svn_io.h"
 #include "svn_pools.h"
 #include "svn_string.h"

Cheers,

-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <jamessan_at_debian.org>
Received on 2015-09-03 04:00:13 CEST

This is an archived mail posted to the Subversion Dev mailing list.