bug-cvs

Re: [Fwd: Help needed with bufferoverflow in cvs]


From: Larry Jones
Subject: Re: [Fwd: Help needed with bufferoverflow in cvs]
Date: Wed, 20 Feb 2002 16:31:31 -0500 (EST)

> it seems that cvs (version 1.10.7 from Debian's stable repos) has a
> buffer overflow but I'm not sure if it's exploitable
[...]
> cvs diff -C`perl -e "print 'a' x 300"` tables.sql
[...]
> Segmentation fault (core dumped)

It's not a buffer overflow (-Cx will produce the same result), it's an
improperly initialized global variable (the code calls longjmp() with a
global jmp_buf that was never initialized by setjmp() and thus is all
zeros).  It's not exploitable and it was fixed long ago in CVS 1.10.8.

-Larry Jones

I just can't identify with that kind of work ethic. -- Calvin
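
The failure mode described in the reply above (longjmp() through a global jmp_buf that setjmp() never filled in), shown as an added example that is not part of the original message and not taken from the CVS source. All names are hypothetical, and it assumes the error is raised while parsing a non-numeric option value; the guard flag makes the error path fall back to a return code whenever no handler is armed.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names; none of this comes from the CVS source. */
static jmp_buf error_jmp;             /* global: all zeros until setjmp() runs */
static volatile int error_jmp_armed;  /* nonzero only while error_jmp is valid */

/* Error path: unwind to the handler only if setjmp() has armed it. */
static int fail(const char *msg)
{
    fprintf(stderr, "error: %s\n", msg);
    if (error_jmp_armed)
        longjmp(error_jmp, 1);        /* safe: buffer was filled by setjmp() */
    return -1;                        /* no handler: report to the caller */
}

/* Parse a numeric option value (assumed shape of an argument like -C's). */
static int parse_count(const char *arg)
{
    char *end;
    long n = strtol(arg, &end, 10);
    if (end == arg || *end != '\0' || n < 0 || n > 1000000)
        return fail("option requires a numeric argument");
    return (int)n;
}

/* Run the parser with a handler installed; returns -2 if it unwound. */
static int parse_with_handler(const char *arg)
{
    int result;
    if (setjmp(error_jmp) != 0) {
        error_jmp_armed = 0;          /* arrived here via longjmp() */
        return -2;
    }
    error_jmp_armed = 1;
    result = parse_count(arg);
    error_jmp_armed = 0;              /* buffer goes stale when this frame returns */
    return result;
}

int main(void)
{
    printf("no handler, \"x\":   %d\n", parse_count("x"));
    printf("with handler, \"x\": %d\n", parse_with_handler("x"));
    printf("with handler, \"3\": %d\n", parse_with_handler("3"));
    return 0;
}
```

Removing the `error_jmp_armed` check reproduces the class of bug in the reply: the first bad argument seen before any setjmp() call jumps through a zero-filled buffer, which is undefined behaviour and typically a crash.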


