subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From i...@apache.org
Subject svn commit: r1705328 - /subversion/trunk/subversion/libsvn_subr/auth.c
Date Fri, 25 Sep 2015 16:25:29 GMT
Author: ivan
Date: Fri Sep 25 16:25:28 2015
New Revision: 1705328

URL: http://svn.apache.org/viewvc?rev=1705328&view=rev
Log:
Resolve a possible segfault in authentication credentials cache caused by
storing key in APR hashtable without copying to long-life pool. I don't know
exact reproduction script, but it's obvious bug and crash reported via
TortoiseSVN crash dump service multiple times.

Found by: TortoiseSVN crash dump

* subversion/libsvn_subr/auth.c
  (svn_auth_next_credentials): Copy STATE->CACHE_KEY to AUTH_BATON->POOL
   before adding it to AUTH_BATON->CREDS_CACHE.

Modified:
    subversion/trunk/subversion/libsvn_subr/auth.c

Modified: subversion/trunk/subversion/libsvn_subr/auth.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/auth.c?rev=1705328&r1=1705327&r2=1705328&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/auth.c (original)
+++ subversion/trunk/subversion/libsvn_subr/auth.c Fri Sep 25 16:25:28 2015
@@ -370,7 +370,9 @@ svn_auth_next_credentials(void **credent
       if (creds != NULL)
         {
           /* Put the creds in the cache */
-          svn_hash_sets(auth_baton->creds_cache, state->cache_key, creds);
+          svn_hash_sets(auth_baton->creds_cache,
+                        apr_pstrdup(auth_baton->pool, state->cache_key),
+                        creds);
           break;
         }
 



Mime
View raw message