Blame SOURCES/subversion-1.7.14-CVE-2014-3528.patch
|
 |
172f77 |
|
|
|
172f77 |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3528
|
|
|
172f77 |
|
|
|
172f77 |
http://subversion.apache.org/security/CVE-2014-3528-advisory.txt
|
|
|
172f77 |
|
|
|
172f77 |
http://svn.apache.org/viewvc?view=revision&revision=r1615193
|
|
|
172f77 |
|
|
|
172f77 |
--- subversion-1.7.14/subversion/libsvn_subr/config_auth.c.cve3528
|
|
|
172f77 |
+++ subversion-1.7.14/subversion/libsvn_subr/config_auth.c
|
|
|
172f77 |
@@ -90,6 +90,7 @@ svn_config_read_auth_data(apr_hash_t **h
|
|
|
172f77 |
if (kind == svn_node_file)
|
|
|
172f77 |
{
|
|
|
172f77 |
svn_stream_t *stream;
|
|
|
172f77 |
+ svn_string_t *stored_realm;
|
|
|
172f77 |
|
|
|
172f77 |
SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool),
|
|
|
172f77 |
_("Unable to open auth file for reading"));
|
|
|
172f77 |
@@ -100,6 +101,12 @@ svn_config_read_auth_data(apr_hash_t **h
|
|
|
172f77 |
apr_psprintf(pool, _("Error parsing '%s'"),
|
|
|
172f77 |
svn_dirent_local_style(auth_path, pool)));
|
|
|
172f77 |
|
|
|
172f77 |
+ stored_realm = apr_hash_get(*hash, SVN_CONFIG_REALMSTRING_KEY,
|
|
|
172f77 |
+ APR_HASH_KEY_STRING);
|
|
|
172f77 |
+
|
|
|
172f77 |
+ if (!stored_realm || strcmp(stored_realm->data, realmstring) != 0)
|
|
|
172f77 |
+ *hash = NULL; /* Hash collision, or somebody tampering with storage */
|
|
|
172f77 |
+
|
|
|
172f77 |
SVN_ERR(svn_stream_close(stream));
|
|
|
172f77 |
}
|
|
|
172f77 |
|