Re: Segfault in mod_dav_svn with repositories on /

Ben Reser Sun, 12 Jan 2014 15:45:17 -0800

On 1/10/14, 11:22 PM, Ben Reser wrote:
> On 1/10/14, 4:19 AM, Philip Martin wrote:
>> It is not fixed.  If you look a few lines down we pass a NULL path:
>>
>>           apr_text_append(resource->pool, option,
>>                           dav_svn__build_uri(resource->info->repos,
>>                                              
>> DAV_SVN__BUILD_URI_ACT_COLLECTION,
>>                                              SVN_INVALID_REVNUM, NULL,
>>                                              1 /* add_href */,
>>                                              resource->pool));
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> [Switching to Thread 0x7f318b7fe700 (LWP 21796)]
>> 0x00007f319a42a391 in dav_svn__build_uri (repos=0x7f3196f682b0, 
>>     what=DAV_SVN__BUILD_URI_ACT_COLLECTION, revision=-1, path=0x0, 
>> add_href=1, 
>>     pool=0x7f3196f6c028) at ../src/subversion/mod_dav_svn/util.c:244
>> 244    if (root_path[0] == '/' && root_path[1] == '\0')
>> (gdb) p root_path
>> $1 = 0x0
>> (gdb) up
>> #1  0x00007f319a42bc2f in get_option (resource=0x7f3196f68330, 
>>     elem=0x7f3196f68728, option=0x7f318b7fdb00)
>>     at ../src/subversion/mod_dav_svn/version.c:188
>> 188            apr_text_append(resource->pool, option,
> 
> I reverted Bert's fix and applied a better one in r1557320.


This issue has been assigned CVE-2014-0032

Re: Segfault in mod_dav_svn with repositories on /

Reply via email to