subversion-commits mailing list archives

From svn-r...@apache.org
Subject svn commit: r1605944 - in /subversion/branches/1.8.x: ./ STATUS subversion/libsvn_subr/config_auth.c
Date Fri, 27 Jun 2014 04:00:08 GMT
Author: svn-role
Date: Fri Jun 27 04:00:07 2014
New Revision: 1605944

URL: http://svn.apache.org/r1605944
Log:
Merge the r1550691 group from trunk:

 * r1550691, r1550772, r1600909
   Guard against MD5 hash collisions when finding cached credentials.
   Justification:
     MD5 collision attacks exist and could be used to trick a client into
     sending cached credentials to a server other than what they were
     cached for.
   Votes:
     +1: breser, danielsh, rhuijben

Modified:
    subversion/branches/1.8.x/   (props changed)
    subversion/branches/1.8.x/STATUS
    subversion/branches/1.8.x/subversion/libsvn_subr/config_auth.c

Propchange: subversion/branches/1.8.x/
------------------------------------------------------------------------------
  Merged /subversion/trunk:r1550691,1550772,1600909

Modified: subversion/branches/1.8.x/STATUS
URL: http://svn.apache.org/viewvc/subversion/branches/1.8.x/STATUS?rev=1605944&r1=1605943&r2=1605944&view=diff
==============================================================================
--- subversion/branches/1.8.x/STATUS (original)
+++ subversion/branches/1.8.x/STATUS Fri Jun 27 04:00:07 2014
@@ -263,12 +263,3 @@ Veto-blocked changes:
 
 Approved changes:
 =================
-
- * r1550691, r1550772, r1600909
-   Guard against MD5 hash collisions when finding cached credentials.
-   Justification:
-     MD5 collision attacks exist and could be used to trick a client into
-     sending cached credentials to a server other than what they were
-     cached for.
-   Votes:
-     +1: breser, danielsh, rhuijben

Modified: subversion/branches/1.8.x/subversion/libsvn_subr/config_auth.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.8.x/subversion/libsvn_subr/config_auth.c?rev=1605944&r1=1605943&r2=1605944&view=diff
==============================================================================
--- subversion/branches/1.8.x/subversion/libsvn_subr/config_auth.c (original)
+++ subversion/branches/1.8.x/subversion/libsvn_subr/config_auth.c Fri Jun 27 04:00:07 2014
@@ -94,6 +94,7 @@ svn_config_read_auth_data(apr_hash_t **h
   if (kind == svn_node_file)
     {
       svn_stream_t *stream;
+      svn_string_t *stored_realm;
 
       SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool),
                 _("Unable to open auth file for reading"));
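Review bot: the new `stored_realm` declaration is several lines away from the only place it is used (after the parse), so a one-line comment at the declaration would help a reader of this block, e.g. `/* realm read back from the file, checked against realmstring */`; the placement itself is correct for the C89 declaration-before-statement style this file keeps.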
@@ -104,6 +105,11 @@ svn_config_read_auth_data(apr_hash_t **h
                 apr_psprintf(pool, _("Error parsing '%s'"),
                              svn_dirent_local_style(auth_path, pool)));
 
+      stored_realm = svn_hash_gets(*hash, SVN_CONFIG_REALMSTRING_KEY);
+
+      if (!stored_realm || strcmp(stored_realm->data, realmstring) != 0)
+        *hash = NULL; /* Hash collision, or somebody tampering with storage */
+
       SVN_ERR(svn_stream_close(stream));
     }
 
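Review bot: the comparison `strcmp(stored_realm->data, realmstring) != 0` ignores `stored_realm->len`, so a stored value containing an embedded NUL would compare equal to a shorter `realmstring` with the same prefix; a length-aware check such as `stored_realm->len != strlen(realmstring) || memcmp(stored_realm->data, realmstring, stored_realm->len) != 0` (or building an `svn_string_t` from `realmstring` and comparing with the library's string-compare helper) closes that gap. Two smaller points on the same hunk: setting `*hash = NULL` before the `svn_stream_close` is the right order, since the stream is still closed on the mismatch path, and the caller then sees "no cached credentials" and prompts, which is the safe default; but a mismatch is also the tampering signal the comment names, so it may be worth surfacing it (a warning or debug trace) rather than failing silently.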
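The justification in the log above is short: the cache file for a realm is located by a hash of the realm string, so a second realm hashing to the same name (or a file planted at that name) would hand the first realm's credentials to the wrong server. The following is an added illustration of that lookup and of the realm check the patch introduces; it is not Subversion's own code. It assumes only what the patched function implies: one cache file per realm, named by the MD5 hex digest of the realm string, with the realm stored inside under the key `svn:realmstring`. The entries, the realm strings and the "collision" (modelled by copying one entry to the other realm's path, since no real MD5 collision is computed here) are all constructed for the demonstration; the JSON file format is a stand-in for Subversion's hash file format.

```python
"""Model of a realm-keyed credential cache, before and after the realm check.

Added example, not Subversion's code. Assumed layout: auth_dir/<md5(realm)>
holds a JSON object that records the realm string under "svn:realmstring".
"""
import hashlib
import json
import os
import tempfile

REALMSTRING_KEY = "svn:realmstring"   # stands in for SVN_CONFIG_REALMSTRING_KEY


def cache_path(auth_dir, realmstring):
    """Cache file for a realm: the path depends only on MD5(realm)."""
    digest = hashlib.md5(realmstring.encode("utf-8")).hexdigest()
    return os.path.join(auth_dir, digest)


def store(auth_dir, realmstring, username, password):
    """Write a cache entry; the realm is stored next to the credentials."""
    entry = {REALMSTRING_KEY: realmstring,
             "username": username, "password": password}
    with open(cache_path(auth_dir, realmstring), "w", encoding="utf-8") as f:
        json.dump(entry, f)


def lookup_unchecked(auth_dir, realmstring):
    """Pre-fix behaviour: trust whatever file sits at MD5(realm)."""
    path = cache_path(auth_dir, realmstring)
    if not os.path.isfile(path):
        return None
    with open(path, encoding="utf-8") as f:
        return json.load(f)


def lookup_checked(auth_dir, realmstring):
    """Post-fix behaviour: the realm stored in the file must match the one asked for."""
    entry = lookup_unchecked(auth_dir, realmstring)
    if entry is None:
        return None
    stored_realm = entry.get(REALMSTRING_KEY)
    if stored_realm is None or stored_realm != realmstring:
        return None   # hash collision, or somebody tampering with storage
    return entry


def demo():
    """Simulate a collision: the attacker realm's file carries the victim's entry."""
    victim_realm = "<https://svn.example.org:443> Example Repo"     # constructed
    attacker_realm = "<https://evil.example.net:443> Evil Server"  # constructed
    with tempfile.TemporaryDirectory() as auth_dir:
        store(auth_dir, victim_realm, "alice", "s3cret")
        # A real MD5 collision would make cache_path(attacker_realm) equal
        # cache_path(victim_realm); its effect is modelled by copying the file.
        with open(cache_path(auth_dir, victim_realm), encoding="utf-8") as src, \
             open(cache_path(auth_dir, attacker_realm), "w", encoding="utf-8") as dst:
            dst.write(src.read())
        unchecked = lookup_unchecked(auth_dir, attacker_realm)
        checked = lookup_checked(auth_dir, attacker_realm)
        legit = lookup_checked(auth_dir, victim_realm)
    return {
        "unchecked_leaks": unchecked is not None and unchecked["password"] == "s3cret",
        "checked_leaks": checked is not None,
        "legit_works": legit is not None and legit["username"] == "alice",
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the unchecked lookup returning alice's password for the attacker's realm while the checked lookup returns nothing for it and still serves the legitimate realm; the check costs one string comparison per lookup and needs no change to how the files are named.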