You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by sv...@apache.org on 2014/01/16 05:04:15 UTC

svn commit: r1558692 - in /subversion/branches/1.7.x: ./ STATUS subversion/mod_dav_svn/repos.c

Author: svn-role
Date: Thu Jan 16 04:04:14 2014
New Revision: 1558692

URL: http://svn.apache.org/r1558692
Log:
Merge r1557320 from trunk:

 * r1557320
   Resolve segfault while handling OPTIONS request in unusual server
   configuration.
   Justification:
     User triggerable segfaults are bad.
   Votes:
    +1: breser, stefan2, rhuijben

Modified:
    subversion/branches/1.7.x/   (props changed)
    subversion/branches/1.7.x/STATUS
    subversion/branches/1.7.x/subversion/mod_dav_svn/repos.c

Propchange: subversion/branches/1.7.x/
------------------------------------------------------------------------------
  Merged /subversion/trunk:r1557320

Modified: subversion/branches/1.7.x/STATUS
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/STATUS?rev=1558692&r1=1558691&r2=1558692&view=diff
==============================================================================
--- subversion/branches/1.7.x/STATUS (original)
+++ subversion/branches/1.7.x/STATUS Thu Jan 16 04:04:14 2014
@@ -112,11 +112,3 @@ Veto-blocked changes:
 
 Approved changes:
 =================
-
- * r1557320
-   Resolve segfault while handling OPTIONS request in unusual server
-   configuration.
-   Justification:
-     User triggerable segfaults are bad.
-   Votes:
-    +1: breser, stefan2, rhuijben

Modified: subversion/branches/1.7.x/subversion/mod_dav_svn/repos.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/subversion/mod_dav_svn/repos.c?rev=1558692&r1=1558691&r2=1558692&view=diff
==============================================================================
--- subversion/branches/1.7.x/subversion/mod_dav_svn/repos.c (original)
+++ subversion/branches/1.7.x/subversion/mod_dav_svn/repos.c Thu Jan 16 04:04:14 2014
@@ -1959,6 +1959,25 @@ get_resource(request_rec *r,
      of private resource, iff the SVNListParentPath directive is 'on'. */
   if (dav_svn__is_parentpath_list(r))
     {
+      /* Only allow GET and HEAD on the parentpath resource
+       * httpd uses the same method_number for HEAD as GET */
+      if (r->method_number != M_GET)
+        {
+          int status;
+
+          /* Marshall the error back to the client by generating by
+           * way of the dav_svn__error_response_tag trick. */
+          err = dav_svn__new_error(r->pool, HTTP_METHOD_NOT_ALLOWED,
+                                   SVN_ERR_APMOD_MALFORMED_URI,
+                                   "The URI does not contain the name "
+                                   "of a repository.");
+          /* can't use r->allowed since the default handler isn't called */
+          apr_table_setn(r->headers_out, "Allow", "GET,HEAD");
+          status = dav_svn__error_response_tag(r, err);
+
+          return dav_push_error(r->pool, status, err->error_id, NULL, err);
+        }
+
       err = get_parentpath_resource(r, resource);
       if (err)
         return err;