[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fwd: Help needed with bufferoverflow in cvs]

From: Larry Jones
Subject: Re: [Fwd: Help needed with bufferoverflow in cvs]
Date: Wed, 20 Feb 2002 16:31:31 -0500 (EST)

> it seems that cvs (version 1.10.7 from Debians stable repos) has a
> bufferoverflow but I'm but sure if it's exploitable
> cvs diff -C`perl -e "print 'a' x 300"` tables.sql
> Segmentation fault (core dumped)

It's not a buffer overflow (-Cx will produce the same result), it's an
improperly initialized global variable (the code calls longjmp() with a
global jmp_buf that was never initialized by setjmp() and thus is all
zeros).  It's not exploitable and it was fixed long ago in CVS 1.10.8.

-Larry Jones

I just can't identify with that kind of work ethic. -- Calvin

reply via email to

[Prev in Thread] Current Thread [Next in Thread]