[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "cvs admin -m" causes segmentation faults

From: Larry Jones
Subject: Re: "cvs admin -m" causes segmentation faults
Date: Mon, 17 Oct 2005 13:39:07 -0400 (EDT)

Matthias Scheler writes:
> I tried to correct a typo in a very commit message today (more than 4KB)
> with a command like this one:
> "cvs" died with a segmentation fault. I shortened the CVS commit message
> by several lines and "cvs admin" worked. I readded a few lines, the local
> "cvs" process worked fine but the remote "cvs server" process crashed. It
> looks to me like a buffer overflow which can be abused to gain shell
> access to a remote CVS server.

I don't see anything obviously wrong with the code -- is there any
chance you could get a traceback from one of the crashes?

> This is with CVS 1.11.20 under NetBSD-i386 3.0_BETA.

Is that the client, the server, or both?  (The "cvs version" command in
a working directory prints both client and server info.)

-Larry Jones

In my opinion, we don't devote nearly enough scientific research
to finding a cure for jerks. -- Calvin

reply via email to

[Prev in Thread] Current Thread [Next in Thread]