Gentoo's Bugzilla – Attachment 382378 Details for
Bug 519202
<dev-vcs/subversion-{1.7.18,1.8.10}, <net-libs/serf-1.3.7: Man-in-the-middle vulnerability, hash collisions (CVE-2014-{3504,3522,3528})
[patch]
Subversion CVE-2014-3528 patch
subversion-cve-2014-3528.patch (text/plain), 2.09 KB, created by
Chris Reffett (RETIRED)
on 2014-08-06 12:35:09 UTC
>Index: subversion/libsvn_subr/config_auth.c >=================================================================== >--- subversion/libsvn_subr/config_auth.c (revision 1615184) >+++ subversion/libsvn_subr/config_auth.c (working copy) >@@ -90,6 +90,7 @@ svn_config_read_auth_data(apr_hash_t **hash, > if (kind == svn_node_file) > { > svn_stream_t *stream; >+ svn_string_t *stored_realm; > > SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool), > _("Unable to open auth file for reading")); >@@ -100,6 +101,12 @@ svn_config_read_auth_data(apr_hash_t **hash, > apr_psprintf(pool, _("Error parsing '%s'"), > svn_dirent_local_style(auth_path, pool))); > >+ stored_realm = apr_hash_get(*hash, SVN_CONFIG_REALMSTRING_KEY, >+ APR_HASH_KEY_STRING); >+ >+ if (!stored_realm || strcmp(stored_realm->data, realmstring) != 0) >+ *hash = NULL; /* Hash collision, or somebody tampering with storage */ >+ > SVN_ERR(svn_stream_close(stream)); > } > >]]] > > Patch against 1.8.9: > >[[[ >Index: subversion/libsvn_subr/config_auth.c >=================================================================== >--- subversion/libsvn_subr/config_auth.c (revision 1605943) >+++ subversion/libsvn_subr/config_auth.c (revision 1605944) >@@ -94,6 +94,7 @@ svn_config_read_auth_data(apr_hash_t **hash, > if (kind == svn_node_file) > { > svn_stream_t *stream; >+ svn_string_t *stored_realm; > > SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool), > _("Unable to open auth file for reading")); >@@ -104,6 +105,11 @@ svn_config_read_auth_data(apr_hash_t **hash, > apr_psprintf(pool, _("Error parsing '%s'"), > svn_dirent_local_style(auth_path, pool))); > >+ stored_realm = svn_hash_gets(*hash, SVN_CONFIG_REALMSTRING_KEY); >+ >+ if (!stored_realm || strcmp(stored_realm->data, realmstring) != 0) >+ *hash = NULL; /* Hash collision, or somebody tampering with storage */ >+ > SVN_ERR(svn_stream_close(stream)); > } >
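Review bot: In the hunk at "@@ -100,6 +101,12 @@", the new check compares stored_realm->data with strcmp(), which stops at the first NUL byte and never looks at the length carried in the svn_string_t. A stored value that matches realmstring and then continues past an embedded NUL would still compare equal. Consider also requiring stored_realm->len == strlen(realmstring) before accepting the entry. The identical comparison in the 1.8.9 hunk at "@@ -104,6 +105,11 @@" has the same gap.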
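Review bot: In the 1.8.9 hunk at "@@ -104,6 +105,11 @@", a realm mismatch only assigns *hash = NULL and raises no error, so a caller cannot tell a hash collision or a tampered auth file from the case where no credentials are stored. That is a reasonable fail-closed choice, but it should be stated in the doc comment of svn_config_read_auth_data(), and every caller should be checked to confirm it tests *hash for NULL before reading from it. The patch touches only config_auth.c; a regression test that stores an auth file under one realm and reads it back under another would pin the new behaviour down.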