aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch')
-rw-r--r--meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
new file mode 100644
index 0000000000..23e738e985
--- /dev/null
+++ b/meta/recipes-devtools/subversion/subversion/subversion-CVE-2014-3528.patch
@@ -0,0 +1,29 @@
+Upstream-Status: Backport
+
+Signed-off-by: Yue Tao <yue.tao@windriver.com>
+
+diff --git a/subversion/libsvn_subr/config_auth.c.old b/subversion/libsvn_subr/config_auth.c
+index ff50270..c511d04 100644
+--- a/subversion/libsvn_subr/config_auth.c.old
++++ b/subversion/libsvn_subr/config_auth.c
+@@ -85,6 +85,7 @@ svn_config_read_auth_data(apr_hash_t **hash,
+ if (kind == svn_node_file)
+ {
+ svn_stream_t *stream;
++ svn_string_t *stored_realm;
+
+ SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool),
+ _("Unable to open auth file for reading"));
+@@ -95,6 +96,12 @@ svn_config_read_auth_data(apr_hash_t **hash,
+ apr_psprintf(pool, _("Error parsing '%s'"),
+ svn_path_local_style(auth_path, pool)));
+
++ stored_realm = apr_hash_get(*hash, SVN_CONFIG_REALMSTRING_KEY,
++ APR_HASH_KEY_STRING);
++
++ if (!stored_realm || strcmp(stored_realm->data, realmstring) != 0)
++ *hash = NULL; /* Hash collision, or somebody tampering with storage */
++
+ SVN_ERR(svn_stream_close(stream));
+ }
+
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-07 19:46:00 +0000