You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by rh...@apache.org on 2013/12/13 12:38:25 UTC
svn commit: r1550691 - /subversion/trunk/subversion/libsvn_subr/config_auth.c
Author: rhuijben
Date: Fri Dec 13 11:38:24 2013
New Revision: 1550691
URL: http://svn.apache.org/r1550691
Log:
* subversion/libsvn_subr/config_auth.c
(svn_config_read_auth_data): Verify if the realm really matches before
handing back the credentials.
Modified:
subversion/trunk/subversion/libsvn_subr/config_auth.c
Modified: subversion/trunk/subversion/libsvn_subr/config_auth.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/config_auth.c?rev=1550691&r1=1550690&r2=1550691&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/config_auth.c (original)
+++ subversion/trunk/subversion/libsvn_subr/config_auth.c Fri Dec 13 11:38:24 2013
@@ -89,6 +89,7 @@ svn_config_read_auth_data(apr_hash_t **h
if (kind == svn_node_file)
{
svn_stream_t *stream;
+ const char *stored_realm;
SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool),
_("Unable to open auth file for reading"));
@@ -100,6 +101,11 @@ svn_config_read_auth_data(apr_hash_t **h
svn_dirent_local_style(auth_path, pool)));
SVN_ERR(svn_stream_close(stream));
+
+ stored_realm = svn_hash_gets(*hash, SVN_CONFIG_REALMSTRING_KEY);
+
+ if (!stored_realm || strcmp(stored_realm, realmstring) != 0)
+ *hash = NULL; /* Hash collision, or somebody tampering with storage */
}
return SVN_NO_ERROR;