On Tue, Feb 06, 2007 at 03:51:12PM +0000, [EMAIL PROTECTED] wrote:
> I've recently spent some time debugging an issue with subversion
> accessing a repository using Kerberos authentication, and I found a
> bug in ne_auth.c. The patch below fixes this. In essence, the code
> failed to check for a valid function pointer before dereferencing it,
> ending up in execution off of a NULL pointer.
>
> Is this fix the correct thing to do? We see correct kerberos
> authentication with this in place. Thanks!
Thanks, this looks necessary for the SSPI case indeed, good catch! I've
applied this for the next release.
> diff -urN neon-0.26.3/src/ne_auth.c neon/src/ne_auth.c
> --- neon-0.26.3/src/ne_auth.c 2007-01-22 11:12:23.000000000 -0500
> +++ neon/src/ne_auth.c 2007-02-06 10:47:17.162832200 -0500
> @@ -1211,7 +1211,7 @@
> && (sess->protocol->flags & AUTH_FLAG_VERIFY_NON40x) == 0) {
> ret = sess->protocol->verify(areq, sess, auth_info_hdr);
> }
> - else if (sess->protocol
> + else if (sess->protocol && sess->protocol->verify
> && sess->protocol->flags && AUTH_FLAG_VERIFY_NON40x
> && (status->klass == 2 || status->klass == 3)
> && auth_hdr) {
> _______________________________________________
> neon mailing list
> [email protected]
> http://mailman.webdav.org/mailman/listinfo/neon
_______________________________________________
neon mailing list
[email protected]
http://mailman.webdav.org/mailman/listinfo/neon
