bug-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVS_RSH env-var feature patch

From: Ellison, Martin [IT]
Subject: RE: CVS_RSH env-var feature patch
Date: Mon, 3 Sep 2001 09:09:50 +1000 
I notice that you have redimensioned argv without changing any other code.
Does this mean that the code is susceptible to an overrun attack?

> -----Original Message-----
> From: Daniel Hiltgen [mailto:dhiltgen@ebay.sun.com]
> Sent: Saturday, 1 September 2001 5:25
> To: bug-cvs@gnu.org
> Subject: CVS_RSH env-var feature patch
> 
> 
> Existing behavior:  The entire environment variable is treated as
> argv[0] for the fork, so you can not specify command arguments within
> the variable.
> 
> Fix:  Use strtok to tokenize the env-var so that multiple arguments
> show up as argv[0], argv[1], etc.  This also works for the scenario
> where there is only a command and no arguments.
> 
> This is very useful for people who want to use ssh as the plumbing,
> since ssh often requires multiple arguments to get the job done.
> 
> 
> 
> *** cvs-1.11/src/client.c       Thu Jul  6 09:20:41 2000
> --- cvs-1.11-args/src/client.c  Thu Aug 30 10:49:17 2001
> ***************
> *** 4792,4801 ****
>       sprintf (command, "%s server", cvs_server);
> 
>       {
> !         char *argv[10];
>         char **p = argv;
> 
> !       *p++ = cvs_rsh;
>         *p++ = CVSroot_hostname;
> 
>         /* If the login names differ between client and server
> --- 4792,4805 ----
>       sprintf (command, "%s server", cvs_server);
> 
>       {
> !         char *argv[30];
>         char **p = argv;
> 
> !       /* Check for flags in CVS_RSH */
> !       *p++ = strtok(cvs_rsh, " ");
> !       while(*p = strtok(0, " ")) {
> !           *p++;
> !       }
>         *p++ = CVSroot_hostname;
> 
>         /* If the login names differ between client and server
> 
> 
> 
> 
> -- 
> Daniel Hiltgen  (daniel.hiltgen@ebay.sun.com)  (dtcm: 
> dhiltgen@hiltgen)
> Phone: 510-936-2264 (x12264)     Fax: 510-936-2396       MS: 
> UNWK16-101
> Network Storage - Storage Utilities Software Development 
> 
> _______________________________________________
> Bug-cvs mailing list
> Bug-cvs@gnu.org
> http://mail.gnu.org/mailman/listinfo/bug-cvs
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]