Attachment 391530 Details for Bug 532406 – Subversion Patches for CVE-2014-3580

Subversion Patches for CVE-2014-3580

file_532406.txt (text/plain), 9.08 KB, created by Sean Amoss (RETIRED) on 2014-12-13 02:29:11 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Sean Amoss (RETIRED)

Created: 2014-12-13 02:29:11 UTC

Size: 9.08 KB

patch

obsolete

>  Patch against 1.7.18:
>
>[[[
>Index: subversion/mod_dav_svn/reports/deleted-rev.c
>===================================================================
>--- subversion/mod_dav_svn/reports/deleted-rev.c	(revision 1624477)
>+++ subversion/mod_dav_svn/reports/deleted-rev.c	(working copy)
>@@ -56,6 +56,9 @@ dav_svn__get_deleted_rev_report(const dav_resource
>   dav_error *derr = NULL;
> 
>   /* Sanity check. */
>+  if (!resource->info->repos_path)
>+    return dav_svn__new_error(resource->pool, HTTP_BAD_REQUEST, 0,
>+                              "The request does not specify a repository path");
>   ns = dav_svn__find_ns(doc->namespaces, SVN_XML_NAMESPACE);
>   if (ns == -1)
>     return dav_svn__new_error_tag(resource->pool, HTTP_BAD_REQUEST, 0,
>Index: subversion/mod_dav_svn/reports/file-revs.c
>===================================================================
>--- subversion/mod_dav_svn/reports/file-revs.c	(revision 1624477)
>+++ subversion/mod_dav_svn/reports/file-revs.c	(working copy)
>@@ -251,6 +251,9 @@ dav_svn__file_revs_report(const dav_resource *reso
>   arb.repos = resource->info->repos;
> 
>   /* Sanity check. */
>+  if (!resource->info->repos_path)
>+    return dav_svn__new_error(resource->pool, HTTP_BAD_REQUEST, 0,
>+                              "The request does not specify a repository path");
>   ns = dav_svn__find_ns(doc->namespaces, SVN_XML_NAMESPACE);
>   /* ### This is done on other places, but the document element is
>      in this namespace, so is this necessary at all? */
>Index: subversion/mod_dav_svn/reports/get-location-segments.c
>===================================================================
>--- subversion/mod_dav_svn/reports/get-location-segments.c	(revision 1624477)
>+++ subversion/mod_dav_svn/reports/get-location-segments.c	(working copy)
>@@ -123,6 +123,9 @@ dav_svn__get_location_segments_report(const dav_re
>   struct location_segment_baton location_segment_baton;
> 
>   /* Sanity check. */
>+  if (!resource->info->repos_path)
>+    return dav_svn__new_error(resource->pool, HTTP_BAD_REQUEST, 0,
>+                              "The request does not specify a repository path");
>   ns = dav_svn__find_ns(doc->namespaces, SVN_XML_NAMESPACE);
>   if (ns == -1)
>     {
>Index: subversion/mod_dav_svn/reports/get-locations.c
>===================================================================
>--- subversion/mod_dav_svn/reports/get-locations.c	(revision 1624477)
>+++ subversion/mod_dav_svn/reports/get-locations.c	(working copy)
>@@ -106,6 +106,9 @@ dav_svn__get_locations_report(const dav_resource *
>                                       sizeof(svn_revnum_t));
> 
>   /* Sanity check. */
>+  if (!resource->info->repos_path)
>+    return dav_svn__new_error(resource->pool, HTTP_BAD_REQUEST, 0,
>+                              "The request does not specify a repository path");
>   ns = dav_svn__find_ns(doc->namespaces, SVN_XML_NAMESPACE);
>   if (ns == -1)
>     {
>Index: subversion/mod_dav_svn/reports/log.c
>===================================================================
>--- subversion/mod_dav_svn/reports/log.c	(revision 1624477)
>+++ subversion/mod_dav_svn/reports/log.c	(working copy)
>@@ -307,6 +307,9 @@ dav_svn__log_report(const dav_resource *resource,
>     = apr_array_make(resource->pool, 1, sizeof(const char *));
> 
>   /* Sanity check. */
>+  if (!resource->info->repos_path)
>+    return dav_svn__new_error(resource->pool, HTTP_BAD_REQUEST, 0,
>+                              "The request does not specify a repository path");
>   ns = dav_svn__find_ns(doc->namespaces, SVN_XML_NAMESPACE);
>   if (ns == -1)
>     {
>Index: subversion/mod_dav_svn/reports/mergeinfo.c
>===================================================================
>--- subversion/mod_dav_svn/reports/mergeinfo.c	(revision 1624477)
>+++ subversion/mod_dav_svn/reports/mergeinfo.c	(working copy)
>@@ -67,6 +67,9 @@ dav_svn__get_mergeinfo_report(const dav_resource *
>     = apr_array_make(resource->pool, 0, sizeof(const char *));
> 
>   /* Sanity check. */
>+  if (!resource->info->repos_path)
>+    return dav_svn__new_error(resource->pool, HTTP_BAD_REQUEST, 0,
>+                              "The request does not specify a repository path");
>   ns = dav_svn__find_ns(doc->namespaces, SVN_XML_NAMESPACE);
>   if (ns == -1)
>     {
>]]]
>
>  Patch against 1.8.10:
>
>[[[
>Index: subversion/mod_dav_svn/reports/deleted-rev.c
>===================================================================
>--- subversion/mod_dav_svn/reports/deleted-rev.c	(revision 1624477)
>+++ subversion/mod_dav_svn/reports/deleted-rev.c	(working copy)
>@@ -56,6 +56,9 @@ dav_svn__get_deleted_rev_report(const dav_resource
>   dav_error *derr = NULL;
> 
>   /* Sanity check. */
>+  if (!resource->info->repos_path)
>+    return dav_svn__new_error(resource->pool, HTTP_BAD_REQUEST, 0,
>+                              "The request does not specify a repository path");
>   ns = dav_svn__find_ns(doc->namespaces, SVN_XML_NAMESPACE);
>   if (ns == -1)
>     return dav_svn__new_error_tag(resource->pool, HTTP_BAD_REQUEST, 0,
>Index: subversion/mod_dav_svn/reports/file-revs.c
>===================================================================
>--- subversion/mod_dav_svn/reports/file-revs.c	(revision 1624477)
>+++ subversion/mod_dav_svn/reports/file-revs.c	(working copy)
>@@ -254,6 +254,9 @@ dav_svn__file_revs_report(const dav_resource *reso
>   arb.repos = resource->info->repos;
> 
>   /* Sanity check. */
>+  if (!resource->info->repos_path)
>+    return dav_svn__new_error(resource->pool, HTTP_BAD_REQUEST, 0,
>+                              "The request does not specify a repository path");
>   ns = dav_svn__find_ns(doc->namespaces, SVN_XML_NAMESPACE);
>   /* ### This is done on other places, but the document element is
>      in this namespace, so is this necessary at all? */
>Index: subversion/mod_dav_svn/reports/get-location-segments.c
>===================================================================
>--- subversion/mod_dav_svn/reports/get-location-segments.c	(revision 1624477)
>+++ subversion/mod_dav_svn/reports/get-location-segments.c	(working copy)
>@@ -123,6 +123,9 @@ dav_svn__get_location_segments_report(const dav_re
>   struct location_segment_baton location_segment_baton;
> 
>   /* Sanity check. */
>+  if (!resource->info->repos_path)
>+    return dav_svn__new_error(resource->pool, HTTP_BAD_REQUEST, 0,
>+                              "The request does not specify a repository path");
>   ns = dav_svn__find_ns(doc->namespaces, SVN_XML_NAMESPACE);
>   if (ns == -1)
>     {
>Index: subversion/mod_dav_svn/reports/get-locations.c
>===================================================================
>--- subversion/mod_dav_svn/reports/get-locations.c	(revision 1624477)
>+++ subversion/mod_dav_svn/reports/get-locations.c	(working copy)
>@@ -106,6 +106,9 @@ dav_svn__get_locations_report(const dav_resource *
>                                       sizeof(svn_revnum_t));
> 
>   /* Sanity check. */
>+  if (!resource->info->repos_path)
>+    return dav_svn__new_error(resource->pool, HTTP_BAD_REQUEST, 0,
>+                              "The request does not specify a repository path");
>   ns = dav_svn__find_ns(doc->namespaces, SVN_XML_NAMESPACE);
>   if (ns == -1)
>     {
>Index: subversion/mod_dav_svn/reports/inherited-props.c
>===================================================================
>--- subversion/mod_dav_svn/reports/inherited-props.c	(revision 1624477)
>+++ subversion/mod_dav_svn/reports/inherited-props.c	(working copy)
>@@ -63,6 +63,9 @@ dav_svn__get_inherited_props_report(const dav_reso
>   apr_pool_t *iterpool;
> 
>   /* Sanity check. */
>+  if (!resource->info->repos_path)
>+    return dav_svn__new_error(resource->pool, HTTP_BAD_REQUEST, 0,
>+                              "The request does not specify a repository path");
>   ns = dav_svn__find_ns(doc->namespaces, SVN_XML_NAMESPACE);
>   if (ns == -1)
>     {
>Index: subversion/mod_dav_svn/reports/log.c
>===================================================================
>--- subversion/mod_dav_svn/reports/log.c	(revision 1624477)
>+++ subversion/mod_dav_svn/reports/log.c	(working copy)
>@@ -307,6 +307,9 @@ dav_svn__log_report(const dav_resource *resource,
>     = apr_array_make(resource->pool, 1, sizeof(const char *));
> 
>   /* Sanity check. */
>+  if (!resource->info->repos_path)
>+    return dav_svn__new_error(resource->pool, HTTP_BAD_REQUEST, 0,
>+                              "The request does not specify a repository path");
>   ns = dav_svn__find_ns(doc->namespaces, SVN_XML_NAMESPACE);
>   if (ns == -1)
>     {
>Index: subversion/mod_dav_svn/reports/mergeinfo.c
>===================================================================
>--- subversion/mod_dav_svn/reports/mergeinfo.c	(revision 1624477)
>+++ subversion/mod_dav_svn/reports/mergeinfo.c	(working copy)
>@@ -67,6 +67,9 @@ dav_svn__get_mergeinfo_report(const dav_resource *
>     = apr_array_make(resource->pool, 0, sizeof(const char *));
> 
>   /* Sanity check. */
>+  if (!resource->info->repos_path)
>+    return dav_svn__new_error(resource->pool, HTTP_BAD_REQUEST, 0,
>+                              "The request does not specify a repository path");
>   ns = dav_svn__find_ns(doc->namespaces, SVN_XML_NAMESPACE);
>   if (ns == -1)
>     {
>]]]

Actions: View

Attachments on bug 532406: 391530 | 391532