Old code allows malicious servers to abort() the process libsvn is
linked to, new code doesn't.

Greg Stein wrote on Thu, Feb 09, 2012 at 22:14:39 -0500:
> DoS? With the old code: the client died. With the new code: the client
> dies. No change that I'm aware of, other than a nicer error message.
> 
> It seems the justification would be, "nicer error message" rather than
> anything about DoS.
> 
> Cheers,
> -g
> On Feb 9, 2012 6:46 PM, <danie...@apache.org> wrote:
> 
> > Author: danielsh
> > Date: Thu Feb  9 23:46:06 2012
> > New Revision: 1242608
> >
> > URL: http://svn.apache.org/viewvc?rev=1242608&view=rev
> > Log:
> > Nominate r1242607.
> >
> > Modified:
> >    subversion/branches/1.7.x/STATUS
> >
> > Modified: subversion/branches/1.7.x/STATUS
> > URL:
> > http://svn.apache.org/viewvc/subversion/branches/1.7.x/STATUS?rev=1242608&r1=1242607&r2=1242608&view=diff
> >
> > ==============================================================================
> > --- subversion/branches/1.7.x/STATUS (original)
> > +++ subversion/branches/1.7.x/STATUS Thu Feb  9 23:46:06 2012
> > @@ -85,6 +85,13 @@ Candidate changes:
> >    Votes:
> >      +1: philip
> >
> > + * r1242607
> > +   Convert ra_serf assertions to errors.
> > +   Justification:
> > +     Malicious server can DoS clients.
> > +   Votes:
> > +     +1: danielsh
> > +
> >  Veto-blocked changes:
> >  =====================
> >
> >
> >
> >
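Review bot: the Justification added for r1242607 ("Malicious server can DoS clients.") does not say what the denial of service consists of, so a voter reading only the STATUS entry cannot tell how the change differs from a nicer error message. Suggest naming the mechanism in the entry itself: with the assertions, a malicious server can make the process that libsvn is linked into abort(), whereas the converted code reports an error instead. One extra line under Justification would be enough.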
