You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by James McCoy <ja...@debian.org> on 2015/09/02 06:00:20 UTC
[patch] Fix libsvn_auth_kwallet crash, use-after-free
In Launchpad[0], it was reported that svn will crash when using the
Kwallet integration to store the password during a checkout. Jens
Jorgensen provided the attached patch, which resolves the issue for me.
At the time, Jens mentioned that subsequent svn commands would still
prompt for the password, but I haven't been able to reproduce that.
[0]: https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/563179
Cheers,
--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <ja...@debian.org>
RE: [patch] Fix libsvn_auth_kwallet crash, use-after-free
Posted by Bert Huijben <be...@qqmail.nl>.
> -----Original Message-----
> From: James McCoy [mailto:vega.james@gmail.com] On Behalf Of James
> McCoy
> Sent: donderdag 3 september 2015 04:00
> To: Bert Huijben <be...@qqmail.nl>
> Cc: dev@subversion.apache.org
> Subject: Re: [patch] Fix libsvn_auth_kwallet crash, use-after-free
> > Can you verify if the patch in https://svn.apache.org/r1700740 fixes this
> problem?
>
> With the below change, it does:
>
> Index: subversion/libsvn_auth_kwallet/kwallet.cpp
> ================================================================
> ===
> --- subversion/libsvn_auth_kwallet/kwallet.cpp (revision 1700924)
> +++ subversion/libsvn_auth_kwallet/kwallet.cpp (working copy)
> @@ -47,6 +47,7 @@
> #include "svn_auth.h"
> #include "svn_config.h"
> #include "svn_error.h"
> +#include "svn_hash.h"
> #include "svn_io.h"
> #include "svn_pools.h"
> #include "svn_string.h"
Thanks,
Committed this patch in r1700951 and nominated both patches for backporting to 1.9.2.
Thanks,
Bert
Re: [patch] Fix libsvn_auth_kwallet crash, use-after-free
Posted by James McCoy <ja...@debian.org>.
On Wed, Sep 02, 2015 at 11:16:29AM +0200, Bert Huijben wrote:
> > -----Original Message-----
> > From: James McCoy [mailto:jamessan@debian.org]
> > Sent: woensdag 2 september 2015 06:00
> > To: dev@subversion.apache.org
> > Subject: [patch] Fix libsvn_auth_kwallet crash, use-after-free
> >
> > In Launchpad[0], it was reported that svn will crash when using the
> > Kwallet integration to store the password during a checkout. Jens
> > Jorgensen provided the attached patch, which resolves the issue for me.
> >
> > At the time, Jens mentioned that subsequent svn commands would still
> > prompt for the password, but I haven't been able to reproduce that.
>
> Hi James,
>
> I reviewed the original code after this bug report and tried to apply a few more cleanups.
>
> Can you verify if the patch in https://svn.apache.org/r1700740 fixes this problem?
With the below change, it does:
Index: subversion/libsvn_auth_kwallet/kwallet.cpp
===================================================================
--- subversion/libsvn_auth_kwallet/kwallet.cpp (revision 1700924)
+++ subversion/libsvn_auth_kwallet/kwallet.cpp (working copy)
@@ -47,6 +47,7 @@
#include "svn_auth.h"
#include "svn_config.h"
#include "svn_error.h"
+#include "svn_hash.h"
#include "svn_io.h"
#include "svn_pools.h"
#include "svn_string.h"
Cheers,
--
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <ja...@debian.org>
RE: [patch] Fix libsvn_auth_kwallet crash, use-after-free
Posted by Bert Huijben <be...@qqmail.nl>.
> -----Original Message-----
> From: James McCoy [mailto:jamessan@debian.org]
> Sent: woensdag 2 september 2015 06:00
> To: dev@subversion.apache.org
> Subject: [patch] Fix libsvn_auth_kwallet crash, use-after-free
>
> In Launchpad[0], it was reported that svn will crash when using the
> Kwallet integration to store the password during a checkout. Jens
> Jorgensen provided the attached patch, which resolves the issue for me.
>
> At the time, Jens mentioned that subsequent svn commands would still
> prompt for the password, but I haven't been able to reproduce that.
Hi James,
I reviewed the original code after this bug report and tried to apply a few more cleanups.
Can you verify if the patch in https://svn.apache.org/r1700740 fixes this problem?
Thanks,
Bert
>
> [0]: https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/563179
>
> Cheers,
> --
> James
> GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <ja...@debian.org>