File CVE-2011-1921-and-CVE-2011-1783.diff of Package subversion
--- subversion/libsvn_repos/authz.c
+++ subversion/libsvn_repos/authz.c
@@ -746,6 +746,9 @@
return SVN_NO_ERROR;
}
+ /* Sanity check. */
+ SVN_ERR_ASSERT(path[0] == '/');
+
/* Determine the granted access for the requested path. */
while (!authz_get_path_access(authz->cfg, repos_name,
current_path, user,
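Review bot: The new `SVN_ERR_ASSERT(path[0] == '/')` turns a caller-supplied path without a leading slash into a malfunction rather than an ordinary error, and the `/* Sanity check. */` comment does not say why the invariant matters for the access decision. What happens on failure depends on the installed malfunction handler (see `svn_error_set_malfunction_handler`); if that handler aborts, a path a network client can influence could take down a server process, so every caller has to canonicalize first. I would spell the contract out: `/* PATH must be repository-absolute (leading '/'); callers are expected to canonicalize it before asking for access. */`. The early return visible as context presumably covers a NULL path, but that guard and the rest of the function are outside the hunk, so confirm `path` cannot be NULL when the assertion dereferences it.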
--- subversion/mod_dav_svn/authz.c
+++ subversion/mod_dav_svn/authz.c
@@ -51,6 +51,11 @@
return TRUE;
}
+ /* Sometimes we get paths that do not start with '/' and
+ hence below uri concatenation would lead to wrong uris .*/
+ if (path && path[0] != '/')
+ path = apr_pstrcat(pool, "/", path, NULL);
+
/* If bypass is specified and authz has exported the provider.
Otherwise, we fall through to the full version. This should be
safer than allowing or disallowing all accesses if there is a
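Review bot: The normalization at `if (path && path[0] != '/')` repairs only a missing leading slash, and its comment does not say that the access check which follows is made on the rewritten path rather than on what the caller sent. An empty string also becomes "/", so such a request would be checked against the repository root; if that is intended, the comment should say so. Suggested wording: `/* PATH should be repository-absolute. Some callers pass it without the leading '/'; normalize it here so the URI built below, and the access check made on it, refer to the intended resource. */`, which also fixes the stray ` .*/` closing the current comment. The function starts and ends outside the hunk, so I could not see which callers produce such paths; fixing them at the source would be a stronger guarantee than patching the value here.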