summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4505.patch
blob: a54d6944ede32d417d15b9821bbbc5ce11b9160c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
Upstream-Status: Backport

Index: tools/server-side/mod_dontdothat/mod_dontdothat.c
===================================================================
--- a/tools/server-side/mod_dontdothat/mod_dontdothat.c	(revision 1239695)
+++ b/tools/server-side/mod_dontdothat/mod_dontdothat.c	(revision 1542078)
@@ -30,12 +30,15 @@
 #include <util_filter.h>
 #include <ap_config.h>
 #include <apr_strings.h>
+#include <apr_uri.h>
 
 #include <expat.h>
 
 #include "mod_dav_svn.h"
 #include "svn_string.h"
 #include "svn_config.h"
+#include "svn_path.h"
+#include "private/svn_fspath.h"
 
 module AP_MODULE_DECLARE_DATA dontdothat_module;
 
@@ -161,26 +164,71 @@
     }
 }
 
+/* duplicate of dav_svn__log_err() from mod_dav_svn/util.c */
+static void
+log_dav_err(request_rec *r,
+            dav_error *err,
+            int level)
+{
+    dav_error *errscan;
+
+    /* Log the errors */
+    /* ### should have a directive to log the first or all */
+    for (errscan = err; errscan != NULL; errscan = errscan->prev) {
+        apr_status_t status;
+
+        if (errscan->desc == NULL)
+            continue;
+
+#if AP_MODULE_MAGIC_AT_LEAST(20091119,0)
+        status = errscan->aprerr;
+#else
+        status = errscan->save_errno;
+#endif
+
+        ap_log_rerror(APLOG_MARK, level, status, r,
+                      "%s  [%d, #%d]",
+                      errscan->desc, errscan->status, errscan->error_id);
+    }
+}
+
 static svn_boolean_t
 is_this_legal(dontdothat_filter_ctx *ctx, const char *uri)
 {
   const char *relative_path;
   const char *cleaned_uri;
   const char *repos_name;
+  const char *uri_path;
   int trailing_slash;
   dav_error *derr;
 
-  /* Ok, so we need to skip past the scheme, host, etc. */
-  uri = ap_strstr_c(uri, "://");
-  if (uri)
-    uri = ap_strchr_c(uri + 3, '/');
+  /* uri can be an absolute uri or just a path, we only want the path to match
+   * against */
+  if (uri && svn_path_is_url(uri))
+    {
+      apr_uri_t parsed_uri;
+      apr_status_t rv = apr_uri_parse(ctx->r->pool, uri, &parsed_uri);
+      if (APR_SUCCESS != rv)
+        {
+          /* Error parsing the URI, log and reject request. */
+          ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, ctx->r,
+                        "mod_dontdothat: blocked request after failing "
+                        "to parse uri: '%s'", uri);
+          return FALSE;
+        }
+      uri_path = parsed_uri.path;
+    }
+  else
+    {
+      uri_path = uri;
+    }
 
-  if (uri)
+  if (uri_path)
     {
       const char *repos_path;
 
       derr = dav_svn_split_uri(ctx->r,
-                               uri,
+                               uri_path,
                                ctx->cfg->base_path,
                                &cleaned_uri,
                                &trailing_slash,
@@ -194,7 +242,7 @@
           if (! repos_path)
             repos_path = "";
 
-          repos_path = apr_psprintf(ctx->r->pool, "/%s", repos_path);
+          repos_path = svn_fspath__canonicalize(repos_path, ctx->r->pool);
 
           /* First check the special cases that are always legal... */
           for (idx = 0; idx < ctx->allow_recursive_ops->nelts; ++idx)
@@ -228,7 +276,20 @@
                 }
             }
         }
+      else
+        {
+          log_dav_err(ctx->r, derr, APLOG_ERR);
+          return FALSE;
+        }
+
     }
+  else
+    {
+      ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r,
+                    "mod_dontdothat: empty uri passed to is_this_legal(), "
+                    "module bug?");
+      return FALSE;
+    }
 
   return TRUE;
 }