You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by ph...@apache.org on 2011/07/22 13:33:15 UTC
svn commit: r1149572 -
/subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c
Author: philip
Date: Fri Jul 22 11:33:14 2011
New Revision: 1149572
URL: http://svn.apache.org/viewvc?rev=1149572&view=rev
Log:
Fix a server SEGV when AuthzForceUsernameCase is used without
authentication.
* subversion/mod_authz_svn/mod_authz_svn.c
(get_username_to_authorize): Allow NULL username.
Patch by: roderich.schupp{_AT_}googlemail.com
Modified:
subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c
Modified: subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c?rev=1149572&r1=1149571&r2=1149572&view=diff
==============================================================================
--- subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c (original)
+++ subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c Fri Jul 22 11:33:14 2011
@@ -245,7 +245,7 @@ static char *
get_username_to_authorize(request_rec *r, authz_svn_config_rec *conf)
{
char *username_to_authorize = r->user;
- if (conf->force_username_case)
+ if (username_to_authorize && conf->force_username_case)
{
username_to_authorize = apr_pstrdup(r->pool, r->user);
convert_case(username_to_authorize,
Re: svn commit: r1149572 - /subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c
Posted by "C. Michael Pilato" <cm...@collab.net>.
On 07/22/2011 07:33 AM, philip@apache.org wrote:
> Author: philip
> Date: Fri Jul 22 11:33:14 2011
> New Revision: 1149572
[...]
> @@ -245,7 +245,7 @@ static char *
> get_username_to_authorize(request_rec *r, authz_svn_config_rec *conf)
> {
> char *username_to_authorize = r->user;
> - if (conf->force_username_case)
> + if (username_to_authorize && conf->force_username_case)
> {
> username_to_authorize = apr_pstrdup(r->pool, r->user);
> convert_case(username_to_authorize,
Minor nit: Given that it's actually r->user that's passed to apr_pstrdup()
and was causing the SEGFAULT, it's slightly less obvious to have tested
username_to_authorize for NULL-ness. That said, I think it's fine in the
code today due to the proximity of the clarifying assignment (that is,
"username_to_authorize = r->user").
--
C. Michael Pilato <cm...@collab.net>
CollabNet <> www.collab.net <> Distributed Development On Demand