1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
From 61382fd8ea66000bd9ee8e203a6eab443220ee40 Mon Sep 17 00:00:00 2001
From: Nathan Hartman <hartmannathan@apache.org>
Date: Sun, 27 Mar 2022 05:59:18 +0000
Subject: [PATCH] On the 1.14.x-r1899227 branch: Merge r1899227 from trunk
w/testlist variation
git-svn-id: https://svn.apache.org/repos/asf/subversion/branches/1.14.x-r1899227@1899229 13f79535-47bb-0310-9956-ffa450edef68
CVE: CVE-2021-28544 [https://github.com/apache/subversion/commit/61382fd8ea66000bd9ee8e203a6eab443220ee40]
Upstream-Status: Backport
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
subversion/libsvn_repos/log.c | 26 +++++-------
subversion/tests/cmdline/authz_tests.py | 55 +++++++++++++++++++++++++
2 files changed, 65 insertions(+), 16 deletions(-)
diff --git a/subversion/libsvn_repos/log.c b/subversion/libsvn_repos/log.c
index d9a1fb1085e16..41ca8aed27174 100644
--- a/subversion/libsvn_repos/log.c
+++ b/subversion/libsvn_repos/log.c
@@ -337,42 +337,36 @@ detect_changed(svn_repos_revision_access_level_t *access_level,
if ( (change->change_kind == svn_fs_path_change_add)
|| (change->change_kind == svn_fs_path_change_replace))
{
- const char *copyfrom_path = change->copyfrom_path;
- svn_revnum_t copyfrom_rev = change->copyfrom_rev;
-
/* the following is a potentially expensive operation since on FSFS
we will follow the DAG from ROOT to PATH and that requires
actually reading the directories along the way. */
if (!change->copyfrom_known)
{
- SVN_ERR(svn_fs_copied_from(©from_rev, ©from_path,
+ SVN_ERR(svn_fs_copied_from(&change->copyfrom_rev, &change->copyfrom_path,
root, path, iterpool));
change->copyfrom_known = TRUE;
}
- if (copyfrom_path && SVN_IS_VALID_REVNUM(copyfrom_rev))
+ if (change->copyfrom_path && SVN_IS_VALID_REVNUM(change->copyfrom_rev))
{
- svn_boolean_t readable = TRUE;
-
if (callbacks->authz_read_func)
{
svn_fs_root_t *copyfrom_root;
+ svn_boolean_t readable;
SVN_ERR(svn_fs_revision_root(©from_root, fs,
- copyfrom_rev, iterpool));
+ change->copyfrom_rev, iterpool));
SVN_ERR(callbacks->authz_read_func(&readable,
copyfrom_root,
- copyfrom_path,
+ change->copyfrom_path,
callbacks->authz_read_baton,
iterpool));
if (! readable)
- found_unreadable = TRUE;
- }
-
- if (readable)
- {
- change->copyfrom_path = copyfrom_path;
- change->copyfrom_rev = copyfrom_rev;
+ {
+ found_unreadable = TRUE;
+ change->copyfrom_path = NULL;
+ change->copyfrom_rev = SVN_INVALID_REVNUM;
+ }
}
}
}
diff --git a/subversion/tests/cmdline/authz_tests.py b/subversion/tests/cmdline/authz_tests.py
index 760cb3663d02f..92e8a5e1935c9 100755
--- a/subversion/tests/cmdline/authz_tests.py
+++ b/subversion/tests/cmdline/authz_tests.py
@@ -1731,6 +1731,60 @@ def empty_group(sbox):
'--username', svntest.main.wc_author,
sbox.repo_url)
+@Skip(svntest.main.is_ra_type_file)
+def log_inaccessible_copyfrom(sbox):
+ "log doesn't leak inaccessible copyfrom paths"
+
+ sbox.build(empty=True)
+ sbox.simple_add_text('secret', 'private')
+ sbox.simple_commit(message='log message for r1')
+ sbox.simple_copy('private', 'public')
+ sbox.simple_commit(message='log message for r2')
+
+ svntest.actions.enable_revprop_changes(sbox.repo_dir)
+ # Remove svn:date and svn:author for predictable output.
+ svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop',
+ '-r2', 'svn:date', sbox.repo_url)
+ svntest.actions.run_and_verify_svn(None, [], 'propdel', '--revprop',
+ '-r2', 'svn:author', sbox.repo_url)
+
+ write_restrictive_svnserve_conf(sbox.repo_dir)
+
+ # First test with blanket access.
+ write_authz_file(sbox,
+ {"/" : "* = rw"})
+ expected_output = svntest.verify.ExpectedOutput([
+ "------------------------------------------------------------------------\n",
+ "r2 | (no author) | (no date) | 1 line\n",
+ "Changed paths:\n",
+ " A /public (from /private:1)\n",
+ "\n",
+ "log message for r2\n",
+ "------------------------------------------------------------------------\n",
+ ])
+ svntest.actions.run_and_verify_svn(expected_output, [],
+ 'log', '-r2', '-v',
+ sbox.repo_url)
+
+ # Now test with an inaccessible copy source (/private).
+ write_authz_file(sbox,
+ {"/" : "* = rw"},
+ {"/private" : "* ="})
+ expected_output = svntest.verify.ExpectedOutput([
+ "------------------------------------------------------------------------\n",
+ "r2 | (no author) | (no date) | 1 line\n",
+ "Changed paths:\n",
+ # The copy is shown as a plain add with no copyfrom info.
+ " A /public\n",
+ "\n",
+ # No log message, as the revision is only partially visible.
+ "\n",
+ "------------------------------------------------------------------------\n",
+ ])
+ svntest.actions.run_and_verify_svn(expected_output, [],
+ 'log', '-r2', '-v',
+ sbox.repo_url)
+
########################################################################
# Run the tests
@@ -1771,6 +1825,7 @@ def empty_group(sbox):
inverted_group_membership,
group_member_empty_string,
empty_group,
+ log_inaccessible_copyfrom,
]
serial_only = True
|
