Index: subversion/libsvn_subr/config_auth.c =================================================================== --- subversion/libsvn_subr/config_auth.c (revision 1615184) +++ subversion/libsvn_subr/config_auth.c (working copy) @@ -90,6 +90,7 @@ svn_config_read_auth_data(apr_hash_t **hash, if (kind == svn_node_file) { svn_stream_t *stream; + svn_string_t *stored_realm; SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool), _("Unable to open auth file for reading")); @@ -100,6 +101,12 @@ svn_config_read_auth_data(apr_hash_t **hash, apr_psprintf(pool, _("Error parsing '%s'"), svn_dirent_local_style(auth_path, pool))); + stored_realm = apr_hash_get(*hash, SVN_CONFIG_REALMSTRING_KEY, + APR_HASH_KEY_STRING); + + if (!stored_realm || strcmp(stored_realm->data, realmstring) != 0) + *hash = NULL; /* Hash collision, or somebody tampering with storage */ + SVN_ERR(svn_stream_close(stream)); } ]]] Patch against 1.8.9: [[[ Index: subversion/libsvn_subr/config_auth.c =================================================================== --- subversion/libsvn_subr/config_auth.c (revision 1605943) +++ subversion/libsvn_subr/config_auth.c (revision 1605944) @@ -94,6 +94,7 @@ svn_config_read_auth_data(apr_hash_t **hash, if (kind == svn_node_file) { svn_stream_t *stream; + svn_string_t *stored_realm; SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool), _("Unable to open auth file for reading")); @@ -104,6 +105,11 @@ svn_config_read_auth_data(apr_hash_t **hash, apr_psprintf(pool, _("Error parsing '%s'"), svn_dirent_local_style(auth_path, pool))); + stored_realm = svn_hash_gets(*hash, SVN_CONFIG_REALMSTRING_KEY); + + if (!stored_realm || strcmp(stored_realm->data, realmstring) != 0) + *hash = NULL; /* Hash collision, or somebody tampering with storage */ + SVN_ERR(svn_stream_close(stream)); }