From 599e22263dba89ab3adbfede2a0a124545a9cc49 Mon Sep 17 00:00:00 2001 From: glasser Date: Sat, 1 Mar 2008 19:04:42 +0000 Subject: [PATCH] Followup to r29659: *really* fix a bunch of error leaks in the svnserve Cyrus SASL implementation. * subversion/svnserve/cyrus_auth.c (write_failure): New wrapper around svn_ra_svn_write_cmd_failure which clears its error argument. (fail_cmd, cyrus_auth_request): Use write_failure. Found by: dionisos git-svn-id: http://svn.collab.net/repos/svn/trunk@29663 612f8ebc-c883-4be0-9ee0-a4e9ef946e3a --- subversion/svnserve/cyrus_auth.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/subversion/svnserve/cyrus_auth.c b/subversion/svnserve/cyrus_auth.c index 9c0e8d38f..60892e92e 100644 --- a/subversion/svnserve/cyrus_auth.c +++ b/subversion/svnserve/cyrus_auth.c @@ -132,14 +132,24 @@ fail_auth(svn_ra_svn_conn_t *conn, apr_pool_t *pool, sasl_conn_t *sasl_ctx) return svn_ra_svn_flush(conn, pool); } +/* Like svn_ra_svn_write_cmd_failure, but also clears the given error + and sets it to SVN_NO_ERROR. */ +static svn_error_t * +write_failure(svn_ra_svn_conn_t *conn, apr_pool_t *pool, svn_error_t **err_p) +{ + svn_error_t *write_err = svn_ra_svn_write_cmd_failure(conn, pool, *err); + svn_error_clear(*err); + *err = SVN_NO_ERROR; + return write_err; +} + /* Used if we run into a SASL error outside try_auth(). */ static svn_error_t * fail_cmd(svn_ra_svn_conn_t *conn, apr_pool_t *pool, sasl_conn_t *sasl_ctx) { svn_error_t *err = svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL, sasl_errdetail(sasl_ctx)); - SVN_ERR(svn_ra_svn_write_cmd_failure(conn, pool, err)); - svn_error_clear(err); + SVN_ERR(write_failure(conn, pool, &err)); return svn_ra_svn_flush(conn, pool); } @@ -242,8 +252,7 @@ svn_error_t *cyrus_auth_request(svn_ra_svn_conn_t *conn, if (apr_err) { svn_error_t *err = svn_error_wrap_apr(apr_err, _("Can't get hostname")); - SVN_ERR(svn_ra_svn_write_cmd_failure(conn, pool, err)); - svn_error_clear(err); + SVN_ERR(write_failure(conn, pool, &err)); return svn_ra_svn_flush(conn, pool); } @@ -258,8 +267,7 @@ svn_error_t *cyrus_auth_request(svn_ra_svn_conn_t *conn, { svn_error_t *err = svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL, sasl_errstring(result, NULL, NULL)); - SVN_ERR(svn_ra_svn_write_cmd_failure(conn, pool, err)); - svn_error_clear(err); + SVN_ERR(write_failure(conn, pool, &err)); return svn_ra_svn_flush(conn, pool); } @@ -313,8 +321,7 @@ svn_error_t *cyrus_auth_request(svn_ra_svn_conn_t *conn, svn_error_t *err = svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL, _("Could not obtain the list" " of SASL mechanisms")); - SVN_ERR(svn_ra_svn_write_cmd_failure(conn, pool, err)); - svn_error_clear(err); + SVN_ERR(write_failure(conn, pool, &err)); return svn_ra_svn_flush(conn, pool); } @@ -354,8 +361,7 @@ svn_error_t *cyrus_auth_request(svn_ra_svn_conn_t *conn, err = svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL, _("Couldn't obtain the authenticated" " username")); - SVN_ERR(svn_ra_svn_write_cmd_failure(conn, pool, err)); - svn_error_clear(err); + SVN_ERR(write_failure(conn, pool, &err)); return svn_ra_svn_flush(conn, pool); } } -- 2.11.4.GIT