subversion-commits mailing list archives

From phi...@apache.org
Subject svn commit: r1205848 - /subversion/trunk/subversion/libsvn_fs_base/bdb/locks-table.c
Date Thu, 24 Nov 2011 14:36:48 GMT
Author: philip
Date: Thu Nov 24 14:36:47 2011
New Revision: 1205848

URL: http://svn.apache.org/viewvc?rev=1205848&view=rev
Log:
Fix a potential read beyond allocated memory.

* subversion/libsvn_fs_base/bdb/locks-table.c
  (svn_fs_bdb__locks_get): When the BDB key is a path don't rely on it
   being null terminated.

Modified:
    subversion/trunk/subversion/libsvn_fs_base/bdb/locks-table.c

Modified: subversion/trunk/subversion/libsvn_fs_base/bdb/locks-table.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_fs_base/bdb/locks-table.c?rev=1205848&r1=1205847&r2=1205848&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_fs_base/bdb/locks-table.c (original)
+++ subversion/trunk/subversion/libsvn_fs_base/bdb/locks-table.c Thu Nov 24 14:36:47 2011
@@ -207,6 +207,7 @@ svn_fs_bdb__locks_get(svn_fs_t *fs,
   svn_lock_t *lock;
   svn_error_t *err;
   const char *lookup_path = path;
+  apr_size_t lookup_len;
 
   /* First, try to lookup PATH itself. */
   err = svn_fs_bdb__lock_token_get(&lock_token, fs, path, trail, pool);
@@ -255,11 +256,13 @@ svn_fs_bdb__locks_get(svn_fs_t *fs,
 
   if (!svn_fspath__is_root(path, strlen(path)))
     lookup_path = apr_pstrcat(pool, path, "/", (char *)NULL);
+  lookup_len = strlen(lookup_path);
 
   /* As long as the prefix of the returned KEY matches LOOKUP_PATH we
      know it is either LOOKUP_PATH or a decendant thereof.  */
   while ((! db_err)
-         && strncmp(lookup_path, key.data, strlen(lookup_path)) == 0)
+         && lookup_len < key.size
+         && strncmp(lookup_path, key.data, lookup_len) == 0)
     {
       const char *child_path;
 
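Review bot: the new bound `lookup_len < key.size` in the `while` condition is strict, so a key whose bytes are exactly LOOKUP_PATH now ends the loop, while the comment just above still says a matching key "is either LOOKUP_PATH or a decendant thereof". If excluding the exact match is intended (PATH itself is looked up separately at the top of the function), please update the comment to say only descendants are matched; if not, the test should be `lookup_len <= key.size`. Either way, a short comment stating that `key.data` is not guaranteed to be null terminated and that `key.size` is what bounds the read would keep a later cleanup from dropping the check. Since both lengths are now known, `memcmp(lookup_path, key.data, lookup_len)` would also express the bounded prefix comparison more directly than `strncmp`.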


