[patch] Fix libsvn_auth_kwallet crash, use-after-free

[James McCoy <ja...@debian.org>]

In Launchpad[0], it was reported that svn will crash when using the
Kwallet integration to store the password during a checkout.  Jens
Jorgensen provided the attached patch, which resolves the issue for me.

At the time, Jens mentioned that subsequent svn commands would still
prompt for the password, but I haven't been able to reproduce that.

[0]: https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/563179

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <ja...@debian.org>

RE: [patch] Fix libsvn_auth_kwallet crash, use-after-free

[Bert Huijben <be...@qqmail.nl>]

> -----Original Message-----
> From: James McCoy [mailto:vega.james@gmail.com] On Behalf Of James
> McCoy
> Sent: donderdag 3 september 2015 04:00
> To: Bert Huijben <be...@qqmail.nl>
> Cc: dev@subversion.apache.org
> Subject: Re: [patch] Fix libsvn_auth_kwallet crash, use-after-free

> > Can you verify if the patch in https://svn.apache.org/r1700740 fixes this
> problem?
> 
> With the below change, it does:
> 
> Index: subversion/libsvn_auth_kwallet/kwallet.cpp
> ================================================================
> ===
> --- subversion/libsvn_auth_kwallet/kwallet.cpp	(revision 1700924)
> +++ subversion/libsvn_auth_kwallet/kwallet.cpp	(working copy)
> @@ -47,6 +47,7 @@
>  #include "svn_auth.h"
>  #include "svn_config.h"
>  #include "svn_error.h"
> +#include "svn_hash.h"
>  #include "svn_io.h"
>  #include "svn_pools.h"
>  #include "svn_string.h"

Thanks,

Committed this patch in r1700951 and nominated both patches for backporting to 1.9.2.

Thanks,
	Bert

Re: [patch] Fix libsvn_auth_kwallet crash, use-after-free

[James McCoy <ja...@debian.org>]

On Wed, Sep 02, 2015 at 11:16:29AM +0200, Bert Huijben wrote:
> > -----Original Message-----
> > From: James McCoy [mailto:jamessan@debian.org]
> > Sent: woensdag 2 september 2015 06:00
> > To: dev@subversion.apache.org
> > Subject: [patch] Fix libsvn_auth_kwallet crash, use-after-free
> > 
> > In Launchpad[0], it was reported that svn will crash when using the
> > Kwallet integration to store the password during a checkout.  Jens
> > Jorgensen provided the attached patch, which resolves the issue for me.
> > 
> > At the time, Jens mentioned that subsequent svn commands would still
> > prompt for the password, but I haven't been able to reproduce that.
> 
> 	Hi James,
> 
> I reviewed the original code after this bug report and tried to apply a few more cleanups.
> 
> Can you verify if the patch in https://svn.apache.org/r1700740 fixes this problem?

With the below change, it does:

Index: subversion/libsvn_auth_kwallet/kwallet.cpp
===================================================================
--- subversion/libsvn_auth_kwallet/kwallet.cpp	(revision 1700924)
+++ subversion/libsvn_auth_kwallet/kwallet.cpp	(working copy)
@@ -47,6 +47,7 @@
 #include "svn_auth.h"
 #include "svn_config.h"
 #include "svn_error.h"
+#include "svn_hash.h"
 #include "svn_io.h"
 #include "svn_pools.h"
 #include "svn_string.h"

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <ja...@debian.org>

RE: [patch] Fix libsvn_auth_kwallet crash, use-after-free

[Bert Huijben <be...@qqmail.nl>]

> -----Original Message-----
> From: James McCoy [mailto:jamessan@debian.org]
> Sent: woensdag 2 september 2015 06:00
> To: dev@subversion.apache.org
> Subject: [patch] Fix libsvn_auth_kwallet crash, use-after-free
> 
> In Launchpad[0], it was reported that svn will crash when using the
> Kwallet integration to store the password during a checkout.  Jens
> Jorgensen provided the attached patch, which resolves the issue for me.
> 
> At the time, Jens mentioned that subsequent svn commands would still
> prompt for the password, but I haven't been able to reproduce that.

	Hi James,

I reviewed the original code after this bug report and tried to apply a few more cleanups.

Can you verify if the patch in https://svn.apache.org/r1700740 fixes this problem?

Thanks,
	Bert

> 
> [0]: https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/563179
> 
> Cheers,
> --
> James
> GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <ja...@debian.org>