Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 391532 Details for
Bug 532406
<dev-vcs/subversion-{1.7.19,1.8.11}: Two Denial of Service vulnerabilities (CVE-2014-{3580,8108})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Subversion Patches for CVE-2014-8108
file_532406.txt (text/plain), 4.29 KB, created by
Sean Amoss (RETIRED)
on 2014-12-13 02:30:09 UTC
(
hide
)
Description:
Subversion Patches for CVE-2014-8108
Filename:
MIME Type:
Creator:
Sean Amoss (RETIRED)
Created:
2014-12-13 02:30:09 UTC
Size:
4.29 KB
patch
obsolete
> Patch against 1.7.18: > >[[[ >Index: subversion/mod_dav_svn/repos.c >=================================================================== >--- subversion/mod_dav_svn/repos.c (revision 1624477) >+++ subversion/mod_dav_svn/repos.c (working copy) >@@ -506,6 +506,9 @@ parse_vtxnstub_uri(dav_resource_combined *comb, > if (parse_txnstub_uri(comb, path, label, use_checked_in)) > return TRUE; > >+ if (!comb->priv.root.txn_name) >+ return TRUE; >+ > comb->priv.root.vtxn_name = comb->priv.root.txn_name; > comb->priv.root.txn_name = dav_svn__get_txn(comb->priv.repos, > comb->priv.root.vtxn_name); >@@ -574,6 +577,9 @@ parse_vtxnroot_uri(dav_resource_combined *comb, > if (parse_txnroot_uri(comb, path, label, use_checked_in)) > return TRUE; > >+ if (!comb->priv.root.txn_name) >+ return TRUE; >+ > comb->priv.root.vtxn_name = comb->priv.root.txn_name; > comb->priv.root.txn_name = dav_svn__get_txn(comb->priv.repos, > comb->priv.root.vtxn_name); >@@ -919,6 +925,10 @@ prep_working(dav_resource_combined *comb) > point. */ > if (txn_name == NULL) > { >+ if (!comb->priv.root.activity_id) >+ return dav_svn__new_error(comb->res.pool, HTTP_BAD_REQUEST, 0, >+ "The request did not specify an activity ID"); >+ > txn_name = dav_svn__get_txn(comb->priv.repos, > comb->priv.root.activity_id); > if (txn_name == NULL) >@@ -1029,9 +1039,14 @@ prep_working(dav_resource_combined *comb) > static dav_error * > prep_activity(dav_resource_combined *comb) > { >- const char *txn_name = dav_svn__get_txn(comb->priv.repos, >- comb->priv.root.activity_id); >+ const char *txn_name; > >+ if (!comb->priv.root.activity_id) >+ return dav_svn__new_error(comb->res.pool, HTTP_BAD_REQUEST, 0, >+ "The request did not specify an activity ID"); >+ >+ txn_name = dav_svn__get_txn(comb->priv.repos, comb->priv.root.activity_id); >+ > comb->priv.root.txn_name = txn_name; > comb->res.exists = txn_name != NULL; > >]]] > > Patch against 1.8.10: > >[[[ >Index: subversion/mod_dav_svn/repos.c >=================================================================== >--- subversion/mod_dav_svn/repos.c (revision 1624477) >+++ subversion/mod_dav_svn/repos.c (working copy) >@@ -508,6 +508,9 @@ parse_vtxnstub_uri(dav_resource_combined *comb, > if (parse_txnstub_uri(comb, path, label, use_checked_in)) > return TRUE; > >+ if (!comb->priv.root.txn_name) >+ return TRUE; >+ > comb->priv.root.vtxn_name = comb->priv.root.txn_name; > comb->priv.root.txn_name = dav_svn__get_txn(comb->priv.repos, > comb->priv.root.vtxn_name); >@@ -576,6 +579,9 @@ parse_vtxnroot_uri(dav_resource_combined *comb, > if (parse_txnroot_uri(comb, path, label, use_checked_in)) > return TRUE; > >+ if (!comb->priv.root.txn_name) >+ return TRUE; >+ > comb->priv.root.vtxn_name = comb->priv.root.txn_name; > comb->priv.root.txn_name = dav_svn__get_txn(comb->priv.repos, > comb->priv.root.vtxn_name); >@@ -921,6 +927,10 @@ prep_working(dav_resource_combined *comb) > point. */ > if (txn_name == NULL) > { >+ if (!comb->priv.root.activity_id) >+ return dav_svn__new_error(comb->res.pool, HTTP_BAD_REQUEST, 0, >+ "The request did not specify an activity ID"); >+ > txn_name = dav_svn__get_txn(comb->priv.repos, > comb->priv.root.activity_id); > if (txn_name == NULL) >@@ -1031,9 +1041,14 @@ prep_working(dav_resource_combined *comb) > static dav_error * > prep_activity(dav_resource_combined *comb) > { >- const char *txn_name = dav_svn__get_txn(comb->priv.repos, >- comb->priv.root.activity_id); >+ const char *txn_name; > >+ if (!comb->priv.root.activity_id) >+ return dav_svn__new_error(comb->res.pool, HTTP_BAD_REQUEST, 0, >+ "The request did not specify an activity ID"); >+ >+ txn_name = dav_svn__get_txn(comb->priv.repos, comb->priv.root.activity_id); >+ > comb->priv.root.txn_name = txn_name; > comb->res.exists = txn_name != NULL; > >]]]
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=391532">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 532406
:
391530
| 391532
