You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@subversion.apache.org by rh...@apache.org on 2013/12/13 12:38:25 UTC

svn commit: r1550691 - /subversion/trunk/subversion/libsvn_subr/config_auth.c

Author: rhuijben
Date: Fri Dec 13 11:38:24 2013
New Revision: 1550691

URL: http://svn.apache.org/r1550691
Log:
* subversion/libsvn_subr/config_auth.c
  (svn_config_read_auth_data): Verify if the realm really matches before
    handing back the credentials.

Modified:
    subversion/trunk/subversion/libsvn_subr/config_auth.c

Modified: subversion/trunk/subversion/libsvn_subr/config_auth.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/config_auth.c?rev=1550691&r1=1550690&r2=1550691&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/config_auth.c (original)
+++ subversion/trunk/subversion/libsvn_subr/config_auth.c Fri Dec 13 11:38:24 2013
@@ -89,6 +89,7 @@ svn_config_read_auth_data(apr_hash_t **h
   if (kind == svn_node_file)
     {
       svn_stream_t *stream;
+      const char *stored_realm;
 
       SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool),
                 _("Unable to open auth file for reading"));
@@ -100,6 +101,11 @@ svn_config_read_auth_data(apr_hash_t **h
                              svn_dirent_local_style(auth_path, pool)));
 
       SVN_ERR(svn_stream_close(stream));
+
+      stored_realm = svn_hash_gets(*hash, SVN_CONFIG_REALMSTRING_KEY);
+
+      if (!stored_realm || strcmp(stored_realm, realmstring) != 0)
+        *hash = NULL; /* Hash collision, or somebody tampering with storage */
     }
 
   return SVN_NO_ERROR;