Author: breser
Date: Fri Dec 5 21:34:06 2014
New Revision: 1643437
URL: http://svn.apache.org/r1643437
Log:
mod_dav_svn: Validate transaction names and activity ids.
* subversion/mod_dav_svn/repos.c
(parse_vtxnstub_uri, parse_vtxnroot_uri): Validate transaction name.
(prep_working, prep_activity): Validate activity id.
Patch by: philip
Modified:
subversion/trunk/subversion/mod_dav_svn/repos.c
Modified: subversion/trunk/subversion/mod_dav_svn/repos.c
URL:
http://svn.apache.org/viewvc/subversion/trunk/subversion/mod_dav_svn/repos.c?rev=1643437&r1=1643436&r2=1643437&view=diff
==============================================================================
--- subversion/trunk/subversion/mod_dav_svn/repos.c (original)
+++ subversion/trunk/subversion/mod_dav_svn/repos.c Fri Dec 5 21:34:06 2014
@@ -509,6 +509,9 @@ parse_vtxnstub_uri(dav_resource_combined
if (parse_txnstub_uri(comb, path, label, use_checked_in))
return TRUE;
+ if (!comb->priv.root.txn_name)
+ return TRUE;
+
comb->priv.root.vtxn_name = comb->priv.root.txn_name;
comb->priv.root.txn_name = dav_svn__get_txn(comb->priv.repos,
comb->priv.root.vtxn_name);
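Review bot: The new `if (!comb->priv.root.txn_name) return TRUE;` guard has no comment saying why the name can still be NULL after parse_txnstub_uri() has reported success, and the identical guard in the parse_vtxnroot_uri hunk has the same gap. The path comes from the request URI, so a one-line comment such as `/* URI carried no transaction name: fail the parse rather than pass NULL to dav_svn__get_txn(). */` would keep the check from being removed later as apparently redundant. dav_svn__get_txn() can itself return NULL (the prep_working and prep_activity hunks test for it). Whether this function handles that case is not visible, because its body continues outside the hunk.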
@@ -577,6 +580,9 @@ parse_vtxnroot_uri(dav_resource_combined
if (parse_txnroot_uri(comb, path, label, use_checked_in))
return TRUE;
+ if (!comb->priv.root.txn_name)
+ return TRUE;
+
comb->priv.root.vtxn_name = comb->priv.root.txn_name;
comb->priv.root.txn_name = dav_svn__get_txn(comb->priv.repos,
comb->priv.root.vtxn_name);
@@ -922,6 +928,10 @@ prep_working(dav_resource_combined *comb
point. */
if (txn_name == NULL)
{
+ if (!comb->priv.root.activity_id)
+ return dav_svn__new_error(comb->res.pool, HTTP_BAD_REQUEST, 0,
+ "The request did not specify an activity
ID");
+
txn_name = dav_svn__get_txn(comb->priv.repos,
comb->priv.root.activity_id);
if (txn_name == NULL)
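Review bot: The activity-id check and its message literal are written out twice, here in prep_working and again in prep_activity, so the two copies can drift apart and any later caller of dav_svn__get_txn() has to remember to repeat them. A small static helper that returns the HTTP_BAD_REQUEST error when `comb->priv.root.activity_id` is NULL, called from both places, would keep the request validation in one spot; the helper name below is only a suggestion. It may also be worth having dav_svn__get_txn() reject a NULL name itself as a second line of defence, but its body is not visible here, so that needs confirming. prep_working starts and ends outside this hunk.
```c
/* Return a 400 error when the request carried no activity id, else NULL. */
static dav_error *
check_activity_id(dav_resource_combined *comb)
{
  if (!comb->priv.root.activity_id)
    return dav_svn__new_error(comb->res.pool, HTTP_BAD_REQUEST, 0,
                              "The request did not specify an activity ID");
  return NULL;
}

/* … unchanged: start of prep_working … */
  if (txn_name == NULL)
    {
      dav_error *err = check_activity_id(comb);

      if (err)
        return err;
      /* … unchanged: dav_svn__get_txn lookup and its NULL check … */
```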
@@ -1032,8 +1042,13 @@ prep_working(dav_resource_combined *comb
static dav_error *
prep_activity(dav_resource_combined *comb)
{
- const char *txn_name = dav_svn__get_txn(comb->priv.repos,
- comb->priv.root.activity_id);
+ const char *txn_name;
+
+ if (!comb->priv.root.activity_id)
+ return dav_svn__new_error(comb->res.pool, HTTP_BAD_REQUEST, 0,
+ "The request did not specify an activity ID");
+
+ txn_name = dav_svn__get_txn(comb->priv.repos, comb->priv.root.activity_id);
comb->priv.root.txn_name = txn_name;
comb->res.exists = txn_name != NULL;