subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bre...@apache.org
Subject svn commit: r1463392 - /subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c
Date Tue, 02 Apr 2013 05:33:34 GMT
Author: breser
Date: Tue Apr  2 05:33:34 2013
New Revision: 1463392

URL: http://svn.apache.org/r1463392
Log:
Use the absolute URL as the cache_key for repos-relative URLs in
mod_authz_svn.

This fixes what might have been a security problem since two different
repos might have the different authz files at the same path.  If we
use the repos-relative path as a cache_key then the second request
will use the first requests authz file for path based authorization.
Thus potentially allowing an attacker to bypass the authz rules by
making a request against a public repo, followed by a request against
a private repo without closing the connection.  The sort of configuration
that would allow such a thing to happen is precisely what in-repo authz
was intended to allow.

* subversion/mod_authz_svn/mod_authz_svn.c
  (get_access_conf): Move the resolution and canonicalization of a
    repos-relative URL before the determination of the cache_key.


Modified:
    subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c

Modified: subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c?rev=1463392&r1=1463391&r2=1463392&view=diff
==============================================================================
--- subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c (original)
+++ subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c Tue Apr  2 05:33:34 2013
@@ -347,6 +347,30 @@ get_access_conf(request_rec *r, authz_sv
       access_file = conf->access_file;
     }
 
+  if (svn_path_is_repos_relative_url(access_file))
+    {
+      const char *repos_url;
+      svn_err = svn_uri_get_file_url_from_dirent(&repos_url, repos_path,
+                                                 scratch_pool);
+
+      if (svn_err == SVN_NO_ERROR)
+        svn_err = svn_path_resolve_repos_relative_url(&access_file,
+                                                      access_file,
+                                                      repos_url,
+                                                      scratch_pool);
+
+      if (svn_err == SVN_NO_ERROR)
+        access_file = svn_uri_canonicalize(access_file, scratch_pool);
+
+      if (svn_err)
+        {
+          log_svn_error(APLOG_MARK, r,
+                        "Failed to load the AuthzSVNAccessFile:",
+                        svn_err, scratch_pool);
+          return NULL;
+        }
+    }
+
   ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                 "Path to authz file is %s", access_file);
 
@@ -362,26 +386,10 @@ get_access_conf(request_rec *r, authz_sv
   access_conf = user_data;
   if (access_conf == NULL)
     {
-      if (svn_path_is_repos_relative_url(access_file))
-        {
-          const char *repos_url;
-          svn_err = svn_uri_get_file_url_from_dirent(&repos_url, repos_path,
-                                                     scratch_pool);
-
-          if (svn_err == SVN_NO_ERROR)
-            svn_err = svn_path_resolve_repos_relative_url(&access_file,
-                                                          access_file,
-                                                          repos_url,
-                                                          scratch_pool);
-
-          if (svn_err == SVN_NO_ERROR)
-            access_file = svn_uri_canonicalize(access_file, scratch_pool);
-        }
 
-      if (svn_err == SVN_NO_ERROR)
-        svn_err = svn_repos_authz_read2(&access_conf, access_file,
-                                        conf->groups_file, TRUE,
-                                        r->connection->pool);
+      svn_err = svn_repos_authz_read2(&access_conf, access_file,
+                                      conf->groups_file, TRUE,
+                                      r->connection->pool);
 
       if (svn_err)
         {



Mime
View raw message