bug-cvs

Re: [Fwd: Help needed with bufferoverflow in cvs]


From: Donald Sharp
Subject: Re: [Fwd: Help needed with bufferoverflow in cvs]
Date: Fri, 22 Feb 2002 13:01:36 -0500
User-agent: Mutt/1.2.4i

huh -

On a sun box:

donsharp-u5:169> cvs -f diff -C111111111111 checkin.c
Index: checkin.c
===================================================================
RCS file: /home2/cvsroot/ccvs/src/checkin.c,v
retrieving revision 1.41
diff -C111111111111 -r1.41 checkin.c
cvs [server aborted]: out of memory; can not allocate 4294967232 bytes

donsharp-u5:164> cvs -v

Concurrent Versions System (CVS) 1.11.1.1 (client/server)

Copyright (c) 1989-2001 Brian Berliner, david d `zoo' zuhn, 
                        Jeff Polk, and other authors

CVS may be copied only under the terms of the GNU General Public License,
a copy of which can be found with the CVS distribution kit.

Specify the --help option for further information about CVS
donsharp-u5:165> 

donsharp-u5:165> uname -a
SunOS donsharp-u5 5.6 Generic_105181-15 sun4u sparc SUNW,Ultra-5_10
donsharp-u5:166

On a linux box:

[sharpd@yonk src]$ cvs -f diff -C111111111111 checkin.c
Index: checkin.c
===================================================================
RCS file: /work/repository/ccvs/src/checkin.c,v
retrieving revision 1.1.1.1
diff -C111111111111 -r1.1.1.1 checkin.c
cvs [diff aborted]: out of memory; can not allocate 4294967232 bytes
[sharpd@yonk src]$
[sharpd@yonk src]$ cvs -v

Concurrent Versions System (CVS) 1.11.1.1 (client/server)

Copyright (c) 1989-2001 Brian Berliner, david d `zoo' zuhn, 
                        Jeff Polk, and other authors

CVS may be copied only under the terms of the GNU General Public License,
a copy of which can be found with the CVS distribution kit.

Specify the --help option for further information about CVS
[sharpd@yonk src]$ uname -a
Linux yonk.pinkbelly.org 2.4.8-26mdk #1 Sun Sep 23 17:06:39 CEST 2001 i686 unknown

I have insufficient memory.  But why would you expect this to be a
security hole?

donald

On Fri, Feb 22, 2002 at 09:34:00AM -0800, Crist J. Clark wrote:
> On Thu, Feb 21, 2002 at 10:21:05AM -0500, Larry Jones wrote:
> [snip]
> 
> > > This is 1.10.7-7; do you have the patch for this problem handy?
> > 
> > The best fix is to upgrade to a reasonably current release of CVS, which
> > you can get from www.cvshome.org.  The current release is 1.11.1p1.  If
> > you insist on patching an obsolete version:
> 
> Well, if that was his problem, there still appears to be one.
> 
>   $ cvs -v
> 
>   Concurrent Versions System (CVS) 1.11.1p1-FreeBSD (client/server)
> 
>   Copyright (c) 1989-2001 Brian Berliner, david d `zoo' zuhn, 
>                           Jeff Polk, and other authors
> 
>   CVS may be copied only under the terms of the GNU General Public License,
>   a copy of which can be found with the CVS distribution kit.
> 
>   Specify the --help option for further information about CVS
> 
> Which looks like the current release. This is a FreeBSD 4.5-RELEASE
> system, BTW. And I get,
> 
>   $ cvs -f diff -C111111111111 ip_fw.c
>   Index: ip_fw.c
>   ===================================================================
>   RCS file: /export/ncvs/src/sys/netinet/ip_fw.c,v
>   retrieving revision 1.131.2.31
>   diff -C111111111111 -r1.131.2.31 ip_fw.c
>   Segmentation fault (core dumped)
> 
> The fault is not at the code you quoted, but I'm seg faulting,
> 
>   (gdb) run -fq diff -C`perl -e 'print "1" x 11'` /export/current/src/sys/netinet/ip_fw.c
>   Starting program: /var/tmp/export/stable/src/gnu/usr.bin/cvs/cvs/cvs -fq diff -C`perl -e 'print "1" x 11'` /export/current/src/sys/netinet/ip_fw.c
>   Index: /export/current/src/sys/netinet/ip_fw.c
>   ===================================================================
>   RCS file: /export/ncvs/src/sys/netinet/ip_fw.c,v
>   retrieving revision 1.181
>   diff -C11111111111 -r1.181 ip_fw.c
> 
>   Program received signal SIGSEGV, Segmentation fault.
>   0x8099b7e in discard_confusing_lines (filevec=0xbfbff38c)
>       at /export/stable/src/gnu/usr.bin/cvs/libdiff/../../../../contrib/cvs/diff/analyze.c:431
>   (gdb) 
> 
> Sorry, I have not looked in to it more closely than this.
> -- 
> Crist J. Clark                     |     cjclark@alum.mit.edu
>                                    |     cjclark@jhu.edu
> http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
> 
> _______________________________________________
> Bug-cvs mailing list
> Bug-cvs@gnu.org
> http://mail.gnu.org/mailman/listinfo/bug-cvs
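
Added example (not CVS or diff source code, and not written by either poster): one defensive way to handle a line-count option such as the `-C111111111111` used in the transcripts above, rejecting out-of-range input at parse time and refusing size arithmetic that would wrap. The 1,000,000-line cap, the `2*context + 1` sizing and all function names are assumptions made for illustration; the last helper shows that 4294967232, the size in both "out of memory" messages, is the 32-bit unsigned form of -64.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed policy for this example: no caller needs more context than this. */
#define MAX_CONTEXT_LINES 1000000L

/* Parse the numeric argument of a -C style option. Returns 0 and stores the
 * value on success; -1 on empty, non-numeric, negative or out-of-range input. */
int parse_context_lines(const char *arg, long *out)
{
    char *end;
    long v;

    if (arg == NULL || *arg == '\0')
        return -1;
    errno = 0;
    v = strtol(arg, &end, 10);
    if (errno == ERANGE || *end != '\0')  /* overflowed long, or trailing junk */
        return -1;
    if (v < 0 || v > MAX_CONTEXT_LINES)
        return -1;
    *out = v;
    return 0;
}

/* Hypothetical sizing: bytes for (2*context + 1) entries of elem_size each.
 * Every step is checked so the result can never wrap size_t. */
int context_window_bytes(long context, size_t elem_size, size_t *bytes)
{
    size_t n;

    if (context < 0 || elem_size == 0)
        return -1;
    if ((size_t)context > (SIZE_MAX - 1) / 2)
        return -1;
    n = 2 * (size_t)context + 1;
    if (n > SIZE_MAX / elem_size)
        return -1;
    *bytes = n * elem_size;
    return 0;
}

/* A negative 32-bit count as it appears once it is used as an unsigned size. */
uint32_t as_unsigned_size32(int32_t n) { return (uint32_t)n; }
```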


