Re: Infinite loop in "cvs server"
From: Larry Jones
Subject: Re: Infinite loop in "cvs server"
Date: Fri, 4 Oct 2002 11:48:26 -0400 (EDT)

Pavel Roskin writes:
>
> I run "cvs server" from the command line (I tried Linux console and rxvt -
> same result), then I press Ctrl-C and Ctrl-D.
>
> This message is printed continuously:
>
> cvs: buffer.c:1384: stdio_buffer_shutdown: Assertion `fstat ( fileno
> (bc->fp), &s ) != -1' failed.
>
> I can only kill cvs by the "KILL" signal.

That's been reported before -- it's a bug in the cleanup code that
results in an infinite loop (the assertion failure in the cleanup code
results in the cleanup code being called again ad infinitum).

> I cannot reproduce this bug over ssh (OpenSSH_3.4p1) - cvs terminates on
> Ctrl-C. However, I cannot exclude the possibility that this bug can be
> exploited to execute random commands on a server that only allows the user
> to execute "cvs server".

It's a simple infinite loop, not a buffer overflow or anything else
exploitable.

-Larry Jones
I obey the letter of the law, if not the spirit. -- Calvin
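
The re-entry described in the reply above, as an added example that is not part of the original message and is not CVS code: a cleanup routine whose own failed `fstat()` check sends it back through the fatal-error path, shown with and without a re-entrancy guard. The names `fatal_error`, `cleanup`, `run_cleanup_demo` and `DEMO_CAP` are hypothetical, and the fatal path is simulated with a direct call rather than a real assertion failure.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define DEMO_CAP 1000        /* stops the unguarded demo; a real loop has no cap */

static int guard_enabled;    /* 1 = use the re-entrancy guard */
static int in_cleanup;       /* set once cleanup has started */
static int cleanup_entries;  /* times cleanup was entered */
static int demo_fd;          /* descriptor the cleanup code checks */

static void cleanup(void);

/* Hypothetical fatal-error path: run cleanup before exiting. */
static void fatal_error(void) { cleanup(); }

/* Cleanup that validates its descriptor with fstat(), like the quoted assertion. */
static void cleanup(void)
{
    struct stat s;
    if (guard_enabled && in_cleanup)
        return;              /* already cleaning up: do not start over */
    in_cleanup = 1;
    if (++cleanup_entries >= DEMO_CAP)
        return;              /* demo only: break the otherwise endless loop */
    if (fstat(demo_fd, &s) == -1)
        fatal_error();       /* a failure inside cleanup re-enters cleanup */
}

/* Run cleanup on an already-closed descriptor; return how often it was entered. */
int run_cleanup_demo(int use_guard)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    close(fds[0]);
    close(fds[1]);
    demo_fd = fds[0];        /* constructed input: a stale descriptor */
    guard_enabled = use_guard;
    in_cleanup = 0;
    cleanup_entries = 0;
    cleanup();
    return cleanup_entries;
}

int main(void)
{
    printf("unguarded: %d (capped), guarded: %d\n", run_cleanup_demo(0), run_cleanup_demo(1));
    return 0;
}
```

Without the guard, only the artificial cap ends the run; with it, cleanup is entered once and the second entry returns immediately.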