Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
all
-
None
Description
An API change is required to support HTTPS for any code other then the default svn client. Until fixed this is likely to prevent rapidsvn, pysvn, TortoiseSVN etc from supporting HTTPS: URL's. Here is Tobias Ringstrom analysis -------------------------------- Interesting. Yes, this is a horrible (and quite old) misuse of the provider baton. I can see two ways to fix this: We can either add the realmstring to all credential structs, or we can add a realmstring to the next and save providers functions. The cred_kind/realmstring pair is the key when you search for credentials, so it makes a lot of sense to go for the second alternative, i.e. to add a realmstring parameter to the next and save functions. My original mail ------------------------------------------------ I'm testing SSL callbacks for the pysvn python extension and I'm seeing a reproducible crash with 0.36.0. Pysvn uses the svncpp library from rapidsvn patched to support 0.36.0. I don't know if its the svncpp code or the svn code that is in error here. Can an SSL auth export comment on where a fix needs to be made please? The crash occurs in svn_config_write_auth_data that is passed the realmstring as NULL from ssl_server_trust_file_save_credentials (ssl_server_providers.c). This is because pb->realmstring is NULL in ssl_server_trust_file_save_credential. With the subversion client pb->realmstring will be setup by the code in ssl_server_trust_file_first_credentials. But the svncpp code has its own provider that implements the first_credentials callback but not the save_credentials callback. The code in svn_auth_save_credentials (libsvn_subr/auth.c) is designed to hunt for a save_creditials callback. It loops over the providers, and ends up calling ssl_server_trust_file_save_credentials has no way of being given the realmstring and a crash occurs. 0.35.1 did not crash, it also did not save credential at all. I'm guess that bug was fixed and exposed this new one. The svncpp code that handles this is in src\svncpp\context.cpp in the rapidsvn repository. I've applied this patch against the latest version to support 0.36.0.
Original issue reported by barryscott