Author: stsp Date: Fri Feb 12 10:40:16 2021 New Revision: 1886460 URL: http://svn.apache.org/viewvc?rev=1886460&view=rev Log: Add a test for the NULL deref issue also known as CVE-2020-17525.
* subversion/tests/cmdline/mod_authz_svn_tests.py (nonexistent_repos_relative_access_file): New test. Modified: subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py Modified: subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py?rev=1886460&r1=1886459&r2=1886460&view=diff ==============================================================================
--- subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py (original)
+++ subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py Fri Feb 12 10:40:16 2021
@@ -1072,6 +1072,43 @@ def repos_relative_access_file(sbox):
 verify_gets(test_area_url, in_repos_authz_tests)
+# test for the bug also known as CVS-2020-17525
+@SkipUnless(svntest.main.is_ra_type_dav)
+def nonexistent_repos_relative_access_file(sbox):
+ "repos-relative access file with bad repository URL"
+
+ sbox.build()
+
+ test_area_url = sbox.repo_url.replace('/svn-test-work/repositories/',
+ '/authz-test-work/in-repos-authz/')
+
+ # Construct a bad test-area URL to see what happens if we attempt to access
+ # a repository in a subdirectory which does not exist in SVNParentPath.
+ # This used to crash the server with a NULL-pointer dereference upon
+ # unauthenticated access.
+ test_area_url += '-this/does/not/exist'
+
+ svntest.main.write_authz_file(sbox, {"/": "", "/A": "%s = rw" % user1})
+ shutil.move(sbox.authz_file, os.path.join(sbox.wc_dir, 'authz'))
+ sbox.simple_add('authz')
+ svntest.actions.run_and_verify_svn(None, [], 'relocate',
+ sbox.file_protocol_repo_url(), sbox.wc_dir)
+ sbox.simple_commit(message="adding in-repository authz rules file")
+
+ # access is denied across the board since this repository does not exist
+ in_repos_authz_tests = (
+ { 'path': '', 'status': 401, },
+ { 'path': '/authz', 'status': 401, },
+ { 'path': '/authz', 'user' : user1, 'pw' : user1_pass,
+ 'status': 403, },
+ { 'path': '/A', 'user' : user1, 'pw' : user1_pass,
+ 'status': 403, },
+ { 'path': '/A/', 'user' : user1, 'pw' : user1_pass,
+ 'status': 403, },
+ )
+
+ verify_gets(test_area_url, in_repos_authz_tests)
+
 ########################################################################
 # Run the tests
@@ -1089,6 +1126,7 @@ test_list = [ None,
 authn_sallrany,
 authn_sallrall,
 repos_relative_access_file,
+ nonexistent_repos_relative_access_file,
 ]
 serial_only = True
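Review bot: The comment that opens the added test, `# test for the bug also known as CVS-2020-17525`, misspells the identifier; the commit log gives CVE-2020-17525, so a search of the test suite for the CVE will not find its regression test. I would write `# Regression test for CVE-2020-17525: NULL-pointer dereference on unauthenticated access to a repository path that does not exist under SVNParentPath`. The expectations table covers unauthenticated requests only for `''` and `/authz`, although the in-test comment says the crash was triggered by unauthenticated access. An unauthenticated entry for a sub-path, such as `{ 'path': '/A', 'status': 401, },`, would extend that coverage; the 401 is presumed from the two existing unauthenticated rows and should be confirmed against the server. Whether `verify_gets` reports a dropped connection from a crashed server process as a failure is not visible in this hunk and is worth checking, since the test's value depends on it.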