svn commit: r1600983 - in /subversion/branches/1.7.x-md5-collision: ./ subversion/libsvn_subr/config_auth.c

Fri, 06 Jun 2014 12:14:00 -0700 

Author: breser
Date: Fri Jun  6 19:13:21 2014
New Revision: 1600983

URL: http://svn.apache.org/r1600983
Log:
On the 1.7.x-md5-collision branch: Merge r1550691, r1550772, r1600909 from 
trunk.

svn_hash_gets(...) was changed to apr_hash_get(..., APR_HASH_KEY_STRING) since
the svn_hash_gets() macro was not available in 1.7.x.

Modified:
    subversion/branches/1.7.x-md5-collision/   (props changed)
    subversion/branches/1.7.x-md5-collision/subversion/libsvn_subr/config_auth.c

Propchange: subversion/branches/1.7.x-md5-collision/
------------------------------------------------------------------------------
  Merged /subversion/trunk:r1550691,1550772,1600909

Modified: 
subversion/branches/1.7.x-md5-collision/subversion/libsvn_subr/config_auth.c
URL: 
http://svn.apache.org/viewvc/subversion/branches/1.7.x-md5-collision/subversion/libsvn_subr/config_auth.c?rev=1600983&r1=1600982&r2=1600983&view=diff
==============================================================================
--- 
subversion/branches/1.7.x-md5-collision/subversion/libsvn_subr/config_auth.c 
(original)
+++ 
subversion/branches/1.7.x-md5-collision/subversion/libsvn_subr/config_auth.c 
Fri Jun  6 19:13:21 2014
@@ -90,6 +90,7 @@ svn_config_read_auth_data(apr_hash_t **h
   if (kind == svn_node_file)
     {
       svn_stream_t *stream;
+      svn_string_t *stored_realm;
 
       SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool),
                 _("Unable to open auth file for reading"));
@@ -100,6 +101,12 @@ svn_config_read_auth_data(apr_hash_t **h
                 apr_psprintf(pool, _("Error parsing '%s'"),
                              svn_dirent_local_style(auth_path, pool)));
 
+      stored_realm = apr_hash_get(*hash, SVN_CONFIG_REALMSTRING_KEY,
+                                  APR_HASH_KEY_STRING);
+
+      if (!stored_realm || strcmp(stored_realm->data, realmstring) != 0)
+        *hash = NULL; /* Hash collision, or somebody tampering with storage */
+
       SVN_ERR(svn_stream_close(stream));
     }

Reply via email to