Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
trunk
-
None
Description
the plaintext-passwords branch (which is new in 1.6) added an API requirement
that the pools passed to save_credentials and svn_auth_save_credentials (in
svn_auth.h) survive across RA sessions, and will segfault if this requirement is
not met.
As described in svn_auth__simple_save_creds_helper of trunk:
* XXX: Hopefully, our caller has passed us
* a pool that survives across RA sessions!
* We use that pool to cache user answers, and
* we may be called again for the same realm when the
* current RA session is reparented, or when a different
* RA session using the same realm is opened.
* If the pool does not survive until then, caching
* won't work, and for some reason the call to
* apr_hash_set() below may even end up crashing in
* apr_palloc().
Quoting the tail of a discussion with kfogel and stsp,
<stsp> well, I also updated the API docs so people using our libs are made
aware of the problem
<danielsh> yeah, you documented it, but if someone out there is passing a
short-lived pool, they'll segfault when they upgrade to 1.6
<stsp> yes
<stsp> it needs to be fixed
<stsp> the fix is: put the cache in auth_baton, pass it down to the callback
<stsp> this touches public API but I'd rather rev API than have people crash
for no reason other than being lazy ;)
http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=137815