Subversion / SVN-3236

plaintext-passwords assumes pools live across RA sessions

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: trunk
    • Fix Version/s: 1.6.0
    • Component/s: libsvn_subr
    • Labels: None

      Description

      The plaintext-passwords branch (which is new in 1.6) added an API requirement
      that the pools passed to save_credentials and svn_auth_save_credentials (in
      svn_auth.h) survive across RA sessions, and will segfault if this requirement is
      not met.
      
      As described in svn_auth__simple_save_creds_helper of trunk:
      
                             * XXX: Hopefully, our caller has passed us
                             * a pool that survives across RA sessions!
                             * We use that pool to cache user answers, and
                             * we may be called again for the same realm when the
                             * current RA session is reparented, or when a different
                             * RA session using the same realm is opened.
                             * If the pool does not survive until then, caching
                             * won't work, and for some reason the call to
                             * apr_hash_set() below may even end up crashing in
                             * apr_palloc().
      
      Quoting the tail of a discussion with kfogel and stsp,
      
      	<stsp> well, I also updated the API docs so people using our libs are made aware of the problem
      	<danielsh> yeah, you documented it, but if someone out there is passing a short-lived pool, they'll segfault when they upgrade to 1.6
      	<stsp> yes
      	<stsp> it needs to be fixed
      	<stsp> the fix is: put the cache in auth_baton, pass it down to the callback
      	<stsp> this touches public API but I'd rather rev API than have people crash for no reason other than being lazy ;)
      

      http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=137815
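
The lifetime problem described above and the fix proposed in the discussion, as an added example that is not Subversion's code. It is a toy pool model in C without APR: every type and function name is hypothetical, the realm string is constructed, and keeping the cache pointer in the baton is an assumption of the model.

```c
#include <stdio.h>
#include <string.h>

enum { CACHE_STORED = 0, CACHE_HIT = 1, CACHE_DANGLING = -1 };
/* Toy model, not APR: a pool owns one cache slot; destroying it kills the slot. */
typedef struct { char realm[64]; int used; } cache_t;
typedef struct { int alive; cache_t slot; } pool_t;
/* Hypothetical auth baton: lives as long as the client, across RA sessions. */
typedef struct { pool_t own_pool; pool_t *cache_pool; } auth_baton_t;

static int cache_answer(pool_t *owner, const char *realm)
{
    if (!owner->alive)
        return CACHE_DANGLING;   /* real code: apr_hash_set() on freed memory */
    if (owner->slot.used && strcmp(owner->slot.realm, realm) == 0)
        return CACHE_HIT;        /* answer remembered, no second prompt */
    snprintf(owner->slot.realm, sizeof owner->slot.realm, "%s", realm);
    owner->slot.used = 1;
    return CACHE_STORED;
}

/* Reported behaviour: the cache is created in whatever pool the caller passed. */
int save_creds_caller_pool(auth_baton_t *ab, pool_t *pool, const char *realm)
{
    if (ab->cache_pool == NULL) ab->cache_pool = pool;
    return cache_answer(ab->cache_pool, realm);
}

/* Fix from the discussion: the cache lives in the auth baton; pool is scratch. */
int save_creds_baton(auth_baton_t *ab, pool_t *pool, const char *realm)
{
    (void)pool;
    return cache_answer(&ab->own_pool, realm);
}

/* Save in session 1, destroy its pool, save again for the same realm. */
int second_session_result(int (*save)(auth_baton_t *, pool_t *, const char *))
{
    auth_baton_t ab = { { 1, { "", 0 } }, NULL };
    pool_t s1 = { 1, { "", 0 } }, s2 = { 1, { "", 0 } };
    save(&ab, &s1, "<https://svn.example.org:443> repo"); /* constructed realm */
    s1.alive = 0;                                         /* session pool destroyed */
    return save(&ab, &s2, "<https://svn.example.org:443> repo");
}

int main(void)
{
    printf("%d %d\n", second_session_result(save_creds_caller_pool),
           second_session_result(save_creds_baton));
    return 0;
}
```

In the model the dangling case is reported as a return code; in the situation the issue describes, the same access is the crash in `apr_palloc()`.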

            People

            • Assignee: Unassigned
            • Reporter: danielsh Daniel Shahaf