bug-cvs

Re: [Fwd: Help needed with bufferoverflow in cvs]


From: Tollef Fog Heen
Subject: Re: [Fwd: Help needed with bufferoverflow in cvs]
Date: 21 Feb 2002 02:14:52 +0100
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1

* Martin Schulze 

| Matt Riechers wrote:
| > Martin Schulze wrote:
| > > 
| > > > | it seems that cvs (version 1.10.7 from Debian's stable repos) has a
| > > > | buffer overflow but I'm not sure if it's exploitable
| > ....
| > > klecker!joey(pts/15):~/tmp/webwml> cvs diff -C`perl -e "print 'a' x 300"` Makefile || echo noe
| > ....
| > > cvs server: invalid context length argument
| > > Terminated with fatal signal 11
| > 
| > The current stable release of CVS (1.11.1p1) seems to have fixed this. It does
| > not segfault on this command.
| 
| Edit the local file and it will.

I can't reproduce that:

tfheen@arabella /tmp/f > cvs -d ':pserver:localhost:/var/lib/cvs' co kvakk
cvs server: Updating kvakk
U kvakk/foo
tfheen@arabella /tmp/f > cd kvakk 
tfheen@arabella /tmp/f/kvakk > ls
CVS/  foo
tfheen@arabella /tmp/f/kvakk > ls -l
totalt 1
drwxrwxr-x    2 tfheen   tfheen       1024 feb 21 02:08 CVS/
-rw-rw-r--    1 tfheen   tfheen          0 feb 21 02:05 foo
tfheen@arabella /tmp/f/kvakk > cat foo 
tfheen@arabella /tmp/f/kvakk > cvs diff -C`perl -e "print 'a' x 300"` foo 
tfheen@arabella /tmp/f/kvakk > echo a > foo 
tfheen@arabella /tmp/f/kvakk > cvs diff -C`perl -e "print 'a' x 300"` foo
Index: foo
===================================================================
RCS file: /var/lib/cvs/kvakk/foo,v
retrieving revision 1.1.1.1
diff -u 
-Caaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 -r1.1.1.1 foo
cvs server: invalid context length argument
tfheen@arabella /tmp/f/kvakk >

Ditto for non-pserver:

tfheen@arabella /tmp/bla > cat d
foo
tfheen@arabella /tmp/bla > ls -l
totalt 5
drwxrwxr-x    3 tfheen   tfheen       1024 feb 20 00:21 b/
drwxrwxr-x    3 tfheen   tfheen       1024 feb 20 00:21 c/
drwxrwxr-x    2 tfheen   tfheen       1024 feb 20 00:41 CVS/
-rw-rw-r--    1 tfheen   tfheen          4 feb 20 00:21 d
-rw-rw-r--    1 tfheen   tfheen          4 feb 20 00:21 e
tfheen@arabella /tmp/bla > cvs diff -C`perl -e "print 'a' x 300"` d  
tfheen@arabella /tmp/bla > echo a > d
tfheen@arabella /tmp/bla > cvs diff -C`perl -e "print 'a' x 300"` d
Index: d
===================================================================
RCS file: /home/tfheen/data/cvs/bla/d,v
retrieving revision 1.5
diff -u 
-Caaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 -r1.5 d
cvs diff: invalid context length argument
tfheen@arabella /tmp/bla > cat CVS/Root 
/home/tfheen/data/cvs
tfheen@arabella /tmp/bla > 

Can you please tell me how to reproduce?

Note that this is 

tfheen@arabella /tmp/bla > cvs --version

Concurrent Versions System (CVS) 1.11.1p1 (client/server)

ii  cvs             1.11.1p1-7      Concurrent Versions System

(which isn't released yet, but I haven't made any changes which should
affect this, and I couldn't reproduce using -3 either)

-- 
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.


