mod_authz_svn_tests.py

stsp Fri, 12 Feb 2021 02:40:22 -0800

Author: stsp
Date: Fri Feb 12 10:40:16 2021
New Revision: 1886460

URL: http://svn.apache.org/viewvc?rev=1886460&view=rev
Log:
Add a test for the NULL deref issue also known as CVE-2020-17525.


* subversion/tests/cmdline/mod_authz_svn_tests.py
  (nonexistent_repos_relative_access_file): New test.

Modified:
    subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py

Modified: subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py
URL: 
http://svn.apache.org/viewvc/subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py?rev=1886460&r1=1886459&r2=1886460&view=diff
==============================================================================
--- subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py (original)
+++ subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py Fri Feb 12 
10:40:16 2021
@@ -1072,6 +1072,43 @@ def repos_relative_access_file(sbox):
 
   verify_gets(test_area_url, in_repos_authz_tests)
 
+# test for the bug also known as CVS-2020-17525
+@SkipUnless(svntest.main.is_ra_type_dav)
+def nonexistent_repos_relative_access_file(sbox):
+  "repos-relative access file with bad repository URL"
+
+  sbox.build()
+
+  test_area_url = sbox.repo_url.replace('/svn-test-work/repositories/',
+                                        '/authz-test-work/in-repos-authz/')
+
+  # Construct a bad test-area URL to see what happens if we attempt to access
+  # a repository in a subdirectory which does not exist in SVNParentPath.
+  # This used to crash the server with a NULL-pointer dereference upon
+  # unauthenticated access.
+  test_area_url += '-this/does/not/exist'
+
+  svntest.main.write_authz_file(sbox, {"/": "", "/A": "%s = rw" % user1})
+  shutil.move(sbox.authz_file, os.path.join(sbox.wc_dir, 'authz'))
+  sbox.simple_add('authz')
+  svntest.actions.run_and_verify_svn(None, [], 'relocate',
+      sbox.file_protocol_repo_url(), sbox.wc_dir)
+  sbox.simple_commit(message="adding in-repository authz rules file")
+
+  # access is denied across the board since this repository does not exist
+  in_repos_authz_tests = (
+                 { 'path': '', 'status': 401, },
+                 { 'path': '/authz', 'status': 401, },
+                 { 'path': '/authz', 'user' : user1, 'pw' : user1_pass,
+                   'status': 403, },
+                 { 'path': '/A', 'user' : user1, 'pw' : user1_pass,
+                   'status': 403, },
+                 { 'path': '/A/', 'user' : user1, 'pw' : user1_pass,
+                   'status': 403, },
+  )
+
+  verify_gets(test_area_url, in_repos_authz_tests)
+
 
 ########################################################################
 # Run the tests
@@ -1089,6 +1126,7 @@ test_list = [ None,
               authn_sallrany,
               authn_sallrall,
               repos_relative_access_file,
+              nonexistent_repos_relative_access_file,
              ]
 serial_only = True

svn commit: r1886460 - /subversion/trunk/subversion/tests/cmdline/mod_authz_svn_tests.py

Reply via email to