Overview

File subversion-CVE-2018-11803.patch of Package subversion

From e29ee6ad3df42f734fb7fcc62f832e0b300628a2 Mon Sep 17 00:00:00 2001
From: Julian Foad <julianfoad@apache.org>
Date: Mon, 7 Jan 2019 09:41:42 +0000
Subject: [PATCH] * subversion/mod_dav_svn/reports/list.c  
 (dav_svn__list_report): Fix access to potentially uninitialized local    
 pointer variable.

git-svn-id: https://svn.apache.org/repos/asf/subversion/trunk@1850621 13f79535-47bb-0310-9956-ffa450edef68
---
 subversion/mod_dav_svn/reports/list.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/subversion/mod_dav_svn/reports/list.c b/subversion/mod_dav_svn/reports/list.c
index 02d4f77dfb3..60093377760 100644
--- a/subversion/mod_dav_svn/reports/list.c
+++ b/subversion/mod_dav_svn/reports/list.c
@@ -201,7 +201,7 @@ dav_svn__list_report(const dav_resource *resource,
   dav_svn__authz_read_baton arb;
   const dav_svn_repos *repos = resource->info->repos;
   int ns;
-  const char *full_path;
+  const char *full_path = NULL;
   svn_boolean_t path_info_only;
   svn_fs_root_t *root;
   svn_depth_t depth = svn_depth_unknown;
@@ -280,6 +280,12 @@ dav_svn__list_report(const dav_resource *resource,
       /* else unknown element; skip it */
     }
 
+  if (! full_path)
+    {
+      return dav_svn__new_error_svn(resource->pool, HTTP_BAD_REQUEST, 0, 0,
+                                    "Request was missing the path argument");
+    }
+
   /* Build authz read baton */
   arb.r = resource->info->r;
   arb.repos = resource->info->repos;
openSUSE Build Service is sponsored by
Places