There are several places where this error is thrown after the patch, one of them is e.g.
+ if (tview_len > SVN_DELTA_WINDOW_SIZE ||
+ sview_len > SVN_DELTA_WINDOW_SIZE ||
+ /* for svndiff1, newlen includes the original length */
+ newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||
+ inslen > MAX_INSTRUCTION_SECTION_LEN)
+ return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,
+ _("Svndiff contains a too-large window"));
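Review bot: the one message "Svndiff contains a too-large window" in the return covers four separate limits (tview_len, sview_len, newlen and inslen), so a caller that receives SVN_ERR_SVNDIFF_CORRUPT_WINDOW cannot tell which bound was exceeded or by how much. Consider reporting the offending field and its value, for example with svn_error_createf, so that a legitimate producer that trips one of these checks can be diagnosed from the error text alone.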
Going back to 1.6.3 would make you vulnerable to the exploit described by the advisory. Does someone know why bzr-svn satisfies the checks of the patch?
It looks like this is caused by the security fix described here:
http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt