You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by sv...@apache.org on 2014/01/16 05:04:15 UTC
svn commit: r1558692 - in /subversion/branches/1.7.x: ./ STATUS
subversion/mod_dav_svn/repos.c
Author: svn-role
Date: Thu Jan 16 04:04:14 2014
New Revision: 1558692
URL: http://svn.apache.org/r1558692
Log:
Merge r1557320 from trunk:
* r1557320
Resolve segfault while handling OPTIONS request in unusual server
configuration.
Justification:
User triggerable segfaults are bad.
Votes:
+1: breser, stefan2, rhuijben
Modified:
subversion/branches/1.7.x/ (props changed)
subversion/branches/1.7.x/STATUS
subversion/branches/1.7.x/subversion/mod_dav_svn/repos.c
Propchange: subversion/branches/1.7.x/
------------------------------------------------------------------------------
Merged /subversion/trunk:r1557320
Modified: subversion/branches/1.7.x/STATUS
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/STATUS?rev=1558692&r1=1558691&r2=1558692&view=diff
==============================================================================
--- subversion/branches/1.7.x/STATUS (original)
+++ subversion/branches/1.7.x/STATUS Thu Jan 16 04:04:14 2014
@@ -112,11 +112,3 @@ Veto-blocked changes:
Approved changes:
=================
-
- * r1557320
- Resolve segfault while handling OPTIONS request in unusual server
- configuration.
- Justification:
- User triggerable segfaults are bad.
- Votes:
- +1: breser, stefan2, rhuijben
Modified: subversion/branches/1.7.x/subversion/mod_dav_svn/repos.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/subversion/mod_dav_svn/repos.c?rev=1558692&r1=1558691&r2=1558692&view=diff
==============================================================================
--- subversion/branches/1.7.x/subversion/mod_dav_svn/repos.c (original)
+++ subversion/branches/1.7.x/subversion/mod_dav_svn/repos.c Thu Jan 16 04:04:14 2014
@@ -1959,6 +1959,25 @@ get_resource(request_rec *r,
of private resource, iff the SVNListParentPath directive is 'on'. */
if (dav_svn__is_parentpath_list(r))
{
+ /* Only allow GET and HEAD on the parentpath resource
+ * httpd uses the same method_number for HEAD as GET */
+ if (r->method_number != M_GET)
+ {
+ int status;
+
+ /* Marshall the error back to the client by generating by
+ * way of the dav_svn__error_response_tag trick. */
+ err = dav_svn__new_error(r->pool, HTTP_METHOD_NOT_ALLOWED,
+ SVN_ERR_APMOD_MALFORMED_URI,
+ "The URI does not contain the name "
+ "of a repository.");
+ /* can't use r->allowed since the default handler isn't called */
+ apr_table_setn(r->headers_out, "Allow", "GET,HEAD");
+ status = dav_svn__error_response_tag(r, err);
+
+ return dav_push_error(r->pool, status, err->error_id, NULL, err);
+ }
+
err = get_parentpath_resource(r, resource);
if (err)
return err;