You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@subversion.apache.org by br...@apache.org on 2014/06/06 17:14:30 UTC

svn commit: r1600909 - /subversion/trunk/subversion/libsvn_subr/config_auth.c

Author: breser
Date: Fri Jun  6 15:14:30 2014
New Revision: 1600909

URL: http://svn.apache.org/r1600909
Log:
Check the realm string before trying to close the stream.

This avoids a potential case where the realm string never gets compared and
so the hash still gets returned to the caller.  This is mostly a theoretical
issue since the caller is almost certainly going to do nothing with the hash
if it gets an error.

* subversion/libsvn_subr/config_auth.c
  (svn_config_read_auth_data): Move the svn_stream_close() after we've
    checked the realm string.

Found by: danielsh

Modified:
    subversion/trunk/subversion/libsvn_subr/config_auth.c

Modified: subversion/trunk/subversion/libsvn_subr/config_auth.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/config_auth.c?rev=1600909&r1=1600908&r2=1600909&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/config_auth.c (original)
+++ subversion/trunk/subversion/libsvn_subr/config_auth.c Fri Jun  6 15:14:30 2014
@@ -101,12 +101,12 @@ svn_config_read_auth_data(apr_hash_t **h
                 apr_psprintf(pool, _("Error parsing '%s'"),
                              svn_dirent_local_style(auth_path, pool)));
 
-      SVN_ERR(svn_stream_close(stream));
-
       stored_realm = svn_hash_gets(*hash, SVN_CONFIG_REALMSTRING_KEY);
 
       if (!stored_realm || strcmp(stored_realm->data, realmstring) != 0)
         *hash = NULL; /* Hash collision, or somebody tampering with storage */
+
+      SVN_ERR(svn_stream_close(stream));
     }
 
   return SVN_NO_ERROR;