You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@subversion.apache.org by ph...@apache.org on 2011/07/22 13:33:15 UTC

svn commit: r1149572 - /subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c

Author: philip
Date: Fri Jul 22 11:33:14 2011
New Revision: 1149572

URL: http://svn.apache.org/viewvc?rev=1149572&view=rev
Log:
Fix a server SEGV when AuthzForceUsernameCase is used without
authentication.

* subversion/mod_authz_svn/mod_authz_svn.c
  (get_username_to_authorize): Allow NULL username.

Patch by: roderich.schupp{_AT_}googlemail.com

Modified:
    subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c

Modified: subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c?rev=1149572&r1=1149571&r2=1149572&view=diff
==============================================================================
--- subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c (original)
+++ subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c Fri Jul 22 11:33:14 2011
@@ -245,7 +245,7 @@ static char *
 get_username_to_authorize(request_rec *r, authz_svn_config_rec *conf)
 {
   char *username_to_authorize = r->user;
-  if (conf->force_username_case)
+  if (username_to_authorize && conf->force_username_case)
     {
       username_to_authorize = apr_pstrdup(r->pool, r->user);
       convert_case(username_to_authorize,

Re: svn commit: r1149572 - /subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c

Posted by "C. Michael Pilato" <cm...@collab.net>.

On 07/22/2011 07:33 AM, philip@apache.org wrote:
> Author: philip
> Date: Fri Jul 22 11:33:14 2011
> New Revision: 1149572

[...]

> @@ -245,7 +245,7 @@ static char *
>  get_username_to_authorize(request_rec *r, authz_svn_config_rec *conf)
>  {
>    char *username_to_authorize = r->user;
> -  if (conf->force_username_case)
> +  if (username_to_authorize && conf->force_username_case)
>      {
>        username_to_authorize = apr_pstrdup(r->pool, r->user);
>        convert_case(username_to_authorize,

Minor nit:  Given that it's actually r->user that's passed to apr_pstrdup()
and was causing the SEGFAULT, it's slightly less obvious to have tested
username_to_authorize for NULL-ness.  That said, I think it's fine in the
code today due to the proximity of the clarifying assignment (that is,
"username_to_authorize = r->user").

-- 
C. Michael Pilato <cm...@collab.net>
CollabNet   <>   www.collab.net   <>   Distributed Development On Demand