Skip to content

Commit

Permalink
Merge r1542071 from trunk.
Browse files Browse the repository at this point in the history
  * r1542071
    Use canonical form of the path
    Justification:
      API constraint violation
    Votes:
      +1: breser, philip, ivan

Fixes CVE-2013-4558, see our advisory at:
http://subversion.apache.org/security/CVE-2013-4558-advisory.txt


git-svn-id: https://svn.apache.org/repos/asf/subversion/branches/1.8.x@1542075 13f79535-47bb-0310-9956-ffa450edef68
  • Loading branch information
breser committed Nov 14, 2013
1 parent 98f5a9d commit 2c77c43
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions subversion/mod_dav_svn/repos.c
Original file line number Diff line number Diff line change
Expand Up @@ -2455,9 +2455,12 @@ get_parent_resource(const dav_resource *resource,
parent->info = parentinfo;

parentinfo->uri_path =
svn_stringbuf_create(get_parent_path(resource->info->uri_path->data,
TRUE, resource->pool),
resource->pool);
svn_stringbuf_create(
get_parent_path(
svn_urlpath__canonicalize(resource->info->uri_path->data,
resource->pool),
TRUE, resource->pool),
resource->pool);
parentinfo->repos = resource->info->repos;
parentinfo->root = resource->info->root;
parentinfo->r = resource->info->r;
Expand Down

0 comments on commit 2c77c43

Please sign in to comment.