Re: No watch commands work with pserver 1.11.1p1 & 1.11.2

bug-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: No watch commands work with pserver 1.11.1p1 & 1.11.2

From:	Larry Jones
Subject:	Re: No watch commands work with pserver 1.11.1p1 & 1.11.2
Date:	Fri, 3 May 2002 13:22:39 -0400 (EDT)

Gary Hennigan writes:
> 
> Personally, I've fixed my local copy by doing away with the "if" block
> starting at server.c:2657 and ending at server.c:2666, as it seems
> redundant since the client has already verified that the command is
> a legal command.

That means that you're trusting the client, which isn't a very good idea
from a security perspective.  The right fix is to change the command
name passed into do_cvs_command to "watch" in all four cases.  I've
checked in a fix.

-Larry Jones

What's the matter?  Don't you trust your own kid?! -- Calvin

[Prev in Thread]

Current Thread

[Next in Thread]

No watch commands work with pserver 1.11.1p1 & 1.11.2, Gary Hennigan, 2002/05/02
- Re: No watch commands work with pserver 1.11.1p1 & 1.11.2, Larry Jones <=
  - Re: No watch commands work with pserver 1.11.1p1 & 1.11.2, Gary L. Hennigan, 2002/05/06

Prev by Date: �� Ϣ( ��ؼ� )
Next by Date: A nice game
Previous by thread: No watch commands work with pserver 1.11.1p1 & 1.11.2
Next by thread: Re: No watch commands work with pserver 1.11.1p1 & 1.11.2
Index(es):
- Date
- Thread