Return-Path: X-Original-To: apmail-subversion-commits-archive@minotaur.apache.org Delivered-To: apmail-subversion-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1FF6F1758B for ; Fri, 25 Sep 2015 16:25:31 +0000 (UTC) Received: (qmail 87725 invoked by uid 500); 25 Sep 2015 16:25:31 -0000 Delivered-To: apmail-subversion-commits-archive@subversion.apache.org Received: (qmail 87688 invoked by uid 500); 25 Sep 2015 16:25:31 -0000 Mailing-List: contact commits-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@subversion.apache.org Delivered-To: mailing list commits@subversion.apache.org Received: (qmail 87678 invoked by uid 99); 25 Sep 2015 16:25:31 -0000 Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 25 Sep 2015 16:25:30 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 95B071A0ABC for ; Fri, 25 Sep 2015 16:25:30 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.001 X-Spam-Level: * X-Spam-Status: No, score=1.001 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, RP_MATCHES_RCVD=0.001] autolearn=disabled Received: from mx1-us-east.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id 47FJjGIMBUGm for ; Fri, 25 Sep 2015 16:25:30 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with ESMTP id D444C42B30 for ; Fri, 25 Sep 2015 16:25:29 +0000 (UTC) Received: from svn01-us-west.apache.org (svn.apache.org [10.41.0.6]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 568ACE043F for ; Fri, 25 Sep 2015 16:25:29 +0000 (UTC) Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id 2F2733A0233 for ; Fri, 25 Sep 2015 16:25:29 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1705328 - /subversion/trunk/subversion/libsvn_subr/auth.c Date: Fri, 25 Sep 2015 16:25:29 -0000 To: commits@subversion.apache.org From: ivan@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20150925162529.2F2733A0233@svn01-us-west.apache.org> Author: ivan Date: Fri Sep 25 16:25:28 2015 New Revision: 1705328 URL: http://svn.apache.org/viewvc?rev=1705328&view=rev Log: Resolve a possible segfault in authentication credentials cache caused by storing key in APR hashtable without copying to long-life pool. I don't know exact reproduction script, but it's obvious bug and crash reported via TortoiseSVN crash dump service multiple times. Found by: TortoiseSVN crash dump * subversion/libsvn_subr/auth.c (svn_auth_next_credentials): Copy STATE->CACHE_KEY to AUTH_BATON->POOL before adding it to AUTH_BATON->CREDS_CACHE. Modified: subversion/trunk/subversion/libsvn_subr/auth.c Modified: subversion/trunk/subversion/libsvn_subr/auth.c URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/auth.c?rev=1705328&r1=1705327&r2=1705328&view=diff ============================================================================== --- subversion/trunk/subversion/libsvn_subr/auth.c (original) +++ subversion/trunk/subversion/libsvn_subr/auth.c Fri Sep 25 16:25:28 2015 @@ -370,7 +370,9 @@ svn_auth_next_credentials(void **credent if (creds != NULL) { /* Put the creds in the cache */ - svn_hash_sets(auth_baton->creds_cache, state->cache_key, creds); + svn_hash_sets(auth_baton->creds_cache, + apr_pstrdup(auth_baton->pool, state->cache_key), + creds); break; }