# ./pullrev.sh 1667246

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0248

http://svn.apache.org/viewvc?view=revision&revision=1667246

--- subversion-1.7.14/subversion/mod_dav_svn/reports/get-location-segments.c

+++ subversion-1.7.14/subversion/mod_dav_svn/reports/get-location-segments.c

@@ -181,17 +181,36 @@

                                   "Not all parameters passed.",

                                   SVN_DAV_ERROR_NAMESPACE,

                                   SVN_DAV_ERROR_TAG);

-  if (SVN_IS_VALID_REVNUM(start_rev)

-      && SVN_IS_VALID_REVNUM(end_rev)

-      && (end_rev > start_rev))

+

+  /* No START_REV or PEG_REVISION?  We'll use HEAD. */

+  if (!SVN_IS_VALID_REVNUM(start_rev) || !SVN_IS_VALID_REVNUM(peg_revision))

+    {

+      svn_revnum_t youngest;

+

+      serr = svn_fs_youngest_rev(&youngest, resource->info->repos->fs,

+                                 resource->pool);

+      if (serr != NULL)

+        return dav_svn__convert_err(serr, HTTP_INTERNAL_SERVER_ERROR,

+                                    "Could not determine youngest revision",

+                                    resource->pool);

+

+      if (!SVN_IS_VALID_REVNUM(start_rev))

+        start_rev = youngest;

+      if (!SVN_IS_VALID_REVNUM(peg_revision))

+        peg_revision = youngest;

+    }

+

+  /* No END_REV?  We'll use 0. */

+  if (!SVN_IS_VALID_REVNUM(end_rev))

+    end_rev = 0;

+

+  if (end_rev > start_rev)

     return dav_svn__new_error_tag(resource->pool, HTTP_BAD_REQUEST, 0,

                                   "End revision must not be younger than "

                                   "start revision",

                                   SVN_DAV_ERROR_NAMESPACE,

                                   SVN_DAV_ERROR_TAG);

-  if (SVN_IS_VALID_REVNUM(peg_revision)

-      && SVN_IS_VALID_REVNUM(start_rev)

-      && (start_rev > peg_revision))

+  if (start_rev > peg_revision)

     return dav_svn__new_error_tag(resource->pool, HTTP_BAD_REQUEST, 0,

                                   "Start revision must not be younger than "

                                   "peg revision",

--- subversion-1.7.14/subversion/svnserve/serve.c

+++ subversion-1.7.14/subversion/svnserve/serve.c

@@ -2266,10 +2266,31 @@

   abs_path = svn_fspath__join(b->fs_path->data, relative_path, pool);

-  if (SVN_IS_VALID_REVNUM(start_rev)

-      && SVN_IS_VALID_REVNUM(end_rev)

-      && (end_rev > start_rev))

+  SVN_ERR(trivial_auth_request(conn, pool, b));

+  SVN_ERR(log_command(baton, conn, pool, "%s",

+                      svn_log__get_location_segments(abs_path, peg_revision,

+                                                     start_rev, end_rev,

+                                                     pool)));

+

+  /* No START_REV or PEG_REVISION?  We'll use HEAD. */

+  if (!SVN_IS_VALID_REVNUM(start_rev) || !SVN_IS_VALID_REVNUM(peg_revision))

     {

+      svn_revnum_t youngest;

+

+      SVN_CMD_ERR(svn_fs_youngest_rev(&youngest, b->fs, pool));

+

+      if (!SVN_IS_VALID_REVNUM(start_rev))

+        start_rev = youngest;

+      if (!SVN_IS_VALID_REVNUM(peg_revision))

+        peg_revision = youngest;

+    }

+

+  /* No END_REV?  We'll use 0. */

+  if (!SVN_IS_VALID_REVNUM(end_rev))

+    end_rev = 0;

+

+  if (end_rev > start_rev)

+    {

       err = svn_error_createf(SVN_ERR_INCORRECT_PARAMS, NULL,

                               "Get-location-segments end revision must not be "

                               "younger than start revision");

@@ -2276,9 +2297,7 @@

       return log_fail_and_flush(err, b, conn, pool);

     }

-  if (SVN_IS_VALID_REVNUM(peg_revision)

-      && SVN_IS_VALID_REVNUM(start_rev)

-      && (start_rev > peg_revision))

+  if (start_rev > peg_revision)

     {

       err = svn_error_createf(SVN_ERR_INCORRECT_PARAMS, NULL,

                               "Get-location-segments start revision must not "

@@ -2286,12 +2305,6 @@

       return log_fail_and_flush(err, b, conn, pool);

     }

-  SVN_ERR(trivial_auth_request(conn, pool, b));

-  SVN_ERR(log_command(baton, conn, pool, "%s",

-                      svn_log__get_location_segments(abs_path, peg_revision,

-                                                     start_rev, end_rev,

-                                                     pool)));

-

   /* All the parameters are fine - let's perform the query against the

    * repository. */