subversion-commits mailing list archives

From svn-r...@apache.org
Subject svn commit: r1615193 - in /subversion/branches/1.7.x: ./ STATUS subversion/libsvn_subr/config_auth.c
Date Fri, 01 Aug 2014 18:58:34 GMT
Author: svn-role
Date: Fri Aug  1 18:58:34 2014
New Revision: 1615193

URL: http://svn.apache.org/r1615193
Log:
Merge the 1.7.x-md5-collision branch:

 * r1550691, r1550772, r1600909
   Guard against MD5 hash collisions when finding cached credentials.
   Justification:
     MD5 collision attacks exist and could be used to trick a client into
     sending cached credentials to a server other than what they were
     cached for.
   Notes:
     Branch is required due to svn_hash_gets() not being available in 1.7.x
   Branch:
     ^/subversion/branches/1.7.x-md5-collision
   Votes:
     +1: breser, stefan2, philip
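
The justification above describes the class of problem: the auth cache file is named after a hash of the realm string, so two distinct realms whose hashes collide would map to the same file, and a client that trusts the file name alone would hand one server the credentials cached for another. The merged change stores and re-checks the realm inside the file. The following C program is an added illustration of that guard and is not Subversion code: it uses a deliberately weak toy key function (byte sum modulo 256) in place of MD5 so that a colliding pair of realms can be built by hand, an in-memory array in place of cache files, and constructed sample realm strings; the names toy_realm_key, cache_store, lookup_unguarded and lookup_guarded are all hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-in for the MD5-of-realmstring used to name Subversion's auth
 * cache files. It is deliberately weak (byte sum modulo 256) so that this
 * example can build two realms with the same key; it is not MD5 and not
 * Subversion code. */
static unsigned toy_realm_key(const char *realm)
{
  unsigned sum = 0;
  for (; *realm; realm++)
    sum = (sum + (unsigned char)*realm) % 256;
  return sum;
}

/* One cached record, standing in for one file named after the realm's key.
 * As in the real cache, the realm string is stored inside the record. */
typedef struct cache_entry_t
{
  int used;
  char stored_realm[128];
  char secret[64];
} cache_entry_t;

static cache_entry_t cache[256];

/* Store a credential under the key derived from its realm; returns the key. */
static unsigned cache_store(const char *realm, const char *secret)
{
  unsigned key = toy_realm_key(realm);
  cache_entry_t *e = &cache[key];
  e->used = 1;
  snprintf(e->stored_realm, sizeof(e->stored_realm), "%s", realm);
  snprintf(e->secret, sizeof(e->secret), "%s", secret);
  return key;
}

/* Pre-fix behaviour: whatever record the key points at is trusted. */
static const char *lookup_unguarded(const char *realm)
{
  const cache_entry_t *e = &cache[toy_realm_key(realm)];
  return e->used ? e->secret : NULL;
}

/* Post-fix behaviour, mirroring the check merged in r1615193: the record is
 * returned only if the realm stored inside it matches the realm asked for.
 * A missing or different realm is treated as "no credentials". */
static const char *lookup_guarded(const char *realm)
{
  const cache_entry_t *e = &cache[toy_realm_key(realm)];
  if (!e->used)
    return NULL;
  if (strcmp(e->stored_realm, realm) != 0)
    return NULL; /* key collision, or somebody tampering with storage */
  return e->secret;
}

int main(void)
{
  /* Constructed sample realms: the second is an anagram of the first, so the
   * toy key is identical although the realms (and thus the servers) differ. */
  const char *real_realm = "<https://good.example.test:443> Example Repo";
  const char *other_realm = "<https://doog.example.test:443> Example Repo";

  cache_store(real_realm, "s3cret-token");

  printf("same key: %s\n",
         toy_realm_key(real_realm) == toy_realm_key(other_realm) ? "yes" : "no");
  printf("unguarded lookup for other realm: %s\n",
         lookup_unguarded(other_realm) ? "credential returned" : "nothing");
  printf("guarded lookup for other realm:   %s\n",
         lookup_guarded(other_realm) ? "credential returned" : "nothing");
  printf("guarded lookup for real realm:    %s\n",
         lookup_guarded(real_realm) ? "credential returned" : "nothing");
  return 0;
}
```

The design point is that the file name (or here, the array slot) is only a locator; the authoritative identity of the record is the realm string stored inside it, and the lookup fails closed when the two disagree, which is exactly the "treat as no credentials" behaviour the patch implements with `*hash = NULL`.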

Modified:
    subversion/branches/1.7.x/   (props changed)
    subversion/branches/1.7.x/STATUS
    subversion/branches/1.7.x/subversion/libsvn_subr/config_auth.c

Propchange: subversion/branches/1.7.x/
------------------------------------------------------------------------------
  Merged /subversion/branches/1.7.x-md5-collision:r1600982-1615192
  Merged /subversion/trunk:r1550691,1550772,1600909

Modified: subversion/branches/1.7.x/STATUS
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/STATUS?rev=1615193&r1=1615192&r2=1615193&view=diff
==============================================================================
--- subversion/branches/1.7.x/STATUS (original)
+++ subversion/branches/1.7.x/STATUS Fri Aug  1 18:58:34 2014
@@ -169,16 +169,3 @@ Veto-blocked changes:
 
 Approved changes:
 =================
-
- * r1550691, r1550772, r1600909
-   Guard against MD5 hash collisions when finding cached credentials.
-   Justification:
-     MD5 collision attacks exist and could be used to trick a client into
-     sending cached credentials to a server other than what they were
-     cached for.
-   Notes:
-     Branch is required due to svn_hash_gets() not being available in 1.7.x
-   Branch:
-     ^/subversion/branches/1.7.x-md5-collision
-   Votes:
-     +1: breser, stefan2, philip

Modified: subversion/branches/1.7.x/subversion/libsvn_subr/config_auth.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/subversion/libsvn_subr/config_auth.c?rev=1615193&r1=1615192&r2=1615193&view=diff
==============================================================================
--- subversion/branches/1.7.x/subversion/libsvn_subr/config_auth.c (original)
+++ subversion/branches/1.7.x/subversion/libsvn_subr/config_auth.c Fri Aug  1 18:58:34 2014
@@ -90,6 +90,7 @@ svn_config_read_auth_data(apr_hash_t **h
   if (kind == svn_node_file)
     {
       svn_stream_t *stream;
+      svn_string_t *stored_realm;
 
       SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool),
                 _("Unable to open auth file for reading"));
@@ -100,6 +101,12 @@ svn_config_read_auth_data(apr_hash_t **h
                 apr_psprintf(pool, _("Error parsing '%s'"),
                              svn_dirent_local_style(auth_path, pool)));
 
+      stored_realm = apr_hash_get(*hash, SVN_CONFIG_REALMSTRING_KEY,
+                                  APR_HASH_KEY_STRING);
+
+      if (!stored_realm || strcmp(stored_realm->data, realmstring) != 0)
+        *hash = NULL; /* Hash collision, or somebody tampering with storage */
+
       SVN_ERR(svn_stream_close(stream));
     }
 
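Review bot: the fail-closed assignment `*hash = NULL` is the right choice, but note that the same branch fires when the realm key is merely absent (`!stored_realm`), so any cache file that was written without SVN_CONFIG_REALMSTRING_KEY is now silently treated as "no credentials" rather than reported; that is the safe direction, but it deserves a line in the release notes, and a debug-level message next to the assignment would make the resulting unexpected re-prompt for credentials easier to diagnose. It is also worth confirming that the write side stores the realmstring in exactly the form passed here, since `strcmp` requires a byte-exact match and any normalisation difference would disable the cache entry.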