summaryrefslogtreecommitdiffstats
path: root/subversion/libsvn_subr/config_auth.c
diff options
context:
space:
mode:
authorpeter <peter@FreeBSD.org>2014-08-11 19:19:17 +0000
committerpeter <peter@FreeBSD.org>2014-08-11 19:19:17 +0000
commit0d1e05fe9c6027aaf742eb9b8b05f4dbefb92e2e (patch)
tree7641ccc1b31a300b13c0cfcf8ab6c33e17646de1 /subversion/libsvn_subr/config_auth.c
parent9efa638bec6d135464ff9b3bab358c76671c87bf (diff)
downloadFreeBSD-src-0d1e05fe9c6027aaf742eb9b8b05f4dbefb92e2e.zip
FreeBSD-src-0d1e05fe9c6027aaf742eb9b8b05f4dbefb92e2e.tar.gz
Import svn-1.8.10
Diffstat (limited to 'subversion/libsvn_subr/config_auth.c')
-rw-r--r--subversion/libsvn_subr/config_auth.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/subversion/libsvn_subr/config_auth.c b/subversion/libsvn_subr/config_auth.c
index 091e4e8..ed26a58 100644
--- a/subversion/libsvn_subr/config_auth.c
+++ b/subversion/libsvn_subr/config_auth.c
@@ -94,6 +94,7 @@ svn_config_read_auth_data(apr_hash_t **hash,
if (kind == svn_node_file)
{
svn_stream_t *stream;
+ svn_string_t *stored_realm;
SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool),
_("Unable to open auth file for reading"));
@@ -104,6 +105,11 @@ svn_config_read_auth_data(apr_hash_t **hash,
apr_psprintf(pool, _("Error parsing '%s'"),
svn_dirent_local_style(auth_path, pool)));
+ stored_realm = svn_hash_gets(*hash, SVN_CONFIG_REALMSTRING_KEY);
+
+ if (!stored_realm || strcmp(stored_realm->data, realmstring) != 0)
+ *hash = NULL; /* Hash collision, or somebody tampering with storage */
+
SVN_ERR(svn_stream_close(stream));
}
OpenPOWER on IntegriCloud