Posted to commits@subversion.apache.org by st...@apache.org on 2021/02/12 10:40:16 UTC

svn commit: r1886460 - /subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py

Author: stsp
Date: Fri Feb 12 10:40:16 2021
New Revision: 1886460

URL: http://svn.apache.org/viewvc?rev=1886460&view=rev
Log:
Add a test for the NULL deref issue also known as CVE-2020-17525.

* subversion/tests/cmdline/mod_authz_svn_tests.py
  (nonexistent_repos_relative_access_file): New test.

Modified:
    subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py

Modified: subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py?rev=1886460&r1=1886459&r2=1886460&view=diff
==============================================================================
--- subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py (original)
+++ subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py Fri Feb 12 10:40:16 2021
@@ -1072,6 +1072,43 @@ def repos_relative_access_file(sbox):
 
   verify_gets(test_area_url, in_repos_authz_tests)
 
+# test for the bug also known as CVS-2020-17525
+@SkipUnless(svntest.main.is_ra_type_dav)
+def nonexistent_repos_relative_access_file(sbox):
+  "repos-relative access file with bad repository URL"
+
+  sbox.build()
+
+  test_area_url = sbox.repo_url.replace('/svn-test-work/repositories/',
+                                        '/authz-test-work/in-repos-authz/')
+
+  # Construct a bad test-area URL to see what happens if we attempt to access
+  # a repository in a subdirectory which does not exist in SVNParentPath.
+  # This used to crash the server with a NULL-pointer dereference upon
+  # unauthenticated access.
+  test_area_url += '-this/does/not/exist'
+
+  svntest.main.write_authz_file(sbox, {"/": "", "/A": "%s = rw" % user1})
+  shutil.move(sbox.authz_file, os.path.join(sbox.wc_dir, 'authz'))
+  sbox.simple_add('authz')
+  svntest.actions.run_and_verify_svn(None, [], 'relocate',
+      sbox.file_protocol_repo_url(), sbox.wc_dir)
+  sbox.simple_commit(message="adding in-repository authz rules file")
+
+  # access is denied across the board since this repository does not exist
+  in_repos_authz_tests = (
+                 { 'path': '', 'status': 401, },
+                 { 'path': '/authz', 'status': 401, },
+                 { 'path': '/authz', 'user' : user1, 'pw' : user1_pass,
+                   'status': 403, },
+                 { 'path': '/A', 'user' : user1, 'pw' : user1_pass,
+                   'status': 403, },
+                 { 'path': '/A/', 'user' : user1, 'pw' : user1_pass,
+                   'status': 403, },
+  )
+
+  verify_gets(test_area_url, in_repos_authz_tests)
+
 
 ########################################################################
 # Run the tests
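Review bot: the comment opening the new test reads `CVS-2020-17525`, while the log message names the issue `CVE-2020-17525`; change the `S` to an `E` so the identifier matches and can be grepped for. Two smaller points in the same hunk: the comment `access is denied across the board since this repository does not exist` could state the expected outcome more precisely, since the table asserts 401 for the unauthenticated GETs and 403 for the authenticated ones (`'status': 401`, `'status': 403`) rather than a 404 for a missing repository, and that ordinary denial instead of a crashed connection is exactly what the test guards against; and the body relies on `shutil.move` and `os.path.join`, so the module must already import `shutil` and `os` at the top (worth a quick check, as neither import is part of this change).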
@@ -1089,6 +1126,7 @@ test_list = [ None,
               authn_sallrany,
               authn_sallrall,
               repos_relative_access_file,
+              nonexistent_repos_relative_access_file,
              ]
 serial_only = True
 



Re: svn commit: r1886460 - /subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py

Posted by Stefan Sperling <st...@elego.de>.
On Tue, Feb 16, 2021 at 08:18:04PM +0000, Daniel Shahaf wrote:
> Stefan Sperling wrote on Tue, Feb 16, 2021 at 12:12:35 +0100:
> > On Mon, Feb 15, 2021 at 07:47:48PM +0000, Daniel Shahaf wrote:
> > > stsp@apache.org wrote on Fri, Feb 12, 2021 at 10:40:16 -0000:
> > > > Author: stsp
> > > > Date: Fri Feb 12 10:40:16 2021
> > > > New Revision: 1886460
> > > > 
> > > > URL: http://svn.apache.org/viewvc?rev=1886460&view=rev
> > > > Log:
> > > > Add a test for the NULL deref issue also known as CVE-2020-17525.
> > > > 
> > > > * subversion/tests/cmdline/mod_authz_svn_tests.py
> > > >   (nonexistent_repos_relative_access_file): New test.
> > > 
> > > Propose this for backport?
> > 
> > Yes, done now in r1886583.
> 
> Thanks.  How about 1.10 too?  It received the fix so it should receive its tests.

Indeed, I forgot about 1.10. Thanks for the reminder. Done now.

Re: svn commit: r1886460 - /subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py

Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
Stefan Sperling wrote on Tue, Feb 16, 2021 at 12:12:35 +0100:
> On Mon, Feb 15, 2021 at 07:47:48PM +0000, Daniel Shahaf wrote:
> > stsp@apache.org wrote on Fri, Feb 12, 2021 at 10:40:16 -0000:
> > > Author: stsp
> > > Date: Fri Feb 12 10:40:16 2021
> > > New Revision: 1886460
> > > 
> > > URL: http://svn.apache.org/viewvc?rev=1886460&view=rev
> > > Log:
> > > Add a test for the NULL deref issue also known as CVE-2020-17525.
> > > 
> > > * subversion/tests/cmdline/mod_authz_svn_tests.py
> > >   (nonexistent_repos_relative_access_file): New test.
> > 
> > Propose this for backport?
> 
> Yes, done now in r1886583.

Thanks.  How about 1.10 too?  It received the fix so it should receive its tests.

Re: svn commit: r1886460 - /subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py

Posted by Stefan Sperling <st...@elego.de>.
On Mon, Feb 15, 2021 at 07:47:48PM +0000, Daniel Shahaf wrote:
> stsp@apache.org wrote on Fri, Feb 12, 2021 at 10:40:16 -0000:
> > Author: stsp
> > Date: Fri Feb 12 10:40:16 2021
> > New Revision: 1886460
> > 
> > URL: http://svn.apache.org/viewvc?rev=1886460&view=rev
> > Log:
> > Add a test for the NULL deref issue also known as CVE-2020-17525.
> > 
> > * subversion/tests/cmdline/mod_authz_svn_tests.py
> >   (nonexistent_repos_relative_access_file): New test.
> 
> Propose this for backport?

Yes, done now in r1886583.

> > +++ subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py Fri Feb 12 10:40:16 2021
> > @@ -1072,6 +1072,43 @@ def repos_relative_access_file(sbox):
> >  
> >    verify_gets(test_area_url, in_repos_authz_tests)
> >  
> > +# test for the bug also known as CVS-2020-17525
> 
> s/S/E/

Thank you! This typo is also fixed now and part of the backport proposal.

Thanks,
Stefan

Re: svn commit: r1886460 - /subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py

Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
stsp@apache.org wrote on Fri, Feb 12, 2021 at 10:40:16 -0000:
> Author: stsp
> Date: Fri Feb 12 10:40:16 2021
> New Revision: 1886460
> 
> URL: http://svn.apache.org/viewvc?rev=1886460&view=rev
> Log:
> Add a test for the NULL deref issue also known as CVE-2020-17525.
> 
> * subversion/tests/cmdline/mod_authz_svn_tests.py
>   (nonexistent_repos_relative_access_file): New test.

Propose this for backport?

> +++ subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py Fri Feb 12 10:40:16 2021
> @@ -1072,6 +1072,43 @@ def repos_relative_access_file(sbox):
>  
>    verify_gets(test_area_url, in_repos_authz_tests)
>  
> +# test for the bug also known as CVS-2020-17525

s/S/E/

> +@SkipUnless(svntest.main.is_ra_type_dav)
> +def nonexistent_repos_relative_access_file(sbox):
> +  "repos-relative access file with bad repository URL"
