Vulnerability Development mailing list archives
Re: [Fwd: Help needed with bufferoverflow in cvs]
From: Donald Sharp <sharpd () cisco com>
Date: Fri, 22 Feb 2002 13:01:36 -0500
huh -

On a sun box:

donsharp-u5:169> cvs -f diff -C111111111111 checkin.c
Index: checkin.c
===================================================================
RCS file: /home2/cvsroot/ccvs/src/checkin.c,v
retrieving revision 1.41
diff -C111111111111 -r1.41 checkin.c
cvs [server aborted]: out of memory; can not allocate 4294967232 bytes
donsharp-u5:164> cvs -v

Concurrent Versions System (CVS) 1.11.1.1 (client/server)

Copyright (c) 1989-2001 Brian Berliner, david d `zoo' zuhn,
Jeff Polk, and other authors

CVS may be copied only under the terms of the GNU General Public License,
a copy of which can be found with the CVS distribution kit.

Specify the --help option for further information about CVS
donsharp-u5:165>
donsharp-u5:165> uname -a
SunOS donsharp-u5 5.6 Generic_105181-15 sun4u sparc SUNW,Ultra-5_10
donsharp-u5:166

On a linux box:

[sharpd@yonk src]$ cvs -f diff -C111111111111 checkin.c
Index: checkin.c
===================================================================
RCS file: /work/repository/ccvs/src/checkin.c,v
retrieving revision 1.1.1.1
diff -C111111111111 -r1.1.1.1 checkin.c
cvs [diff aborted]: out of memory; can not allocate 4294967232 bytes
[sharpd@yonk src]$
[sharpd@yonk src]$ cvs -v

Concurrent Versions System (CVS) 1.11.1.1 (client/server)

Copyright (c) 1989-2001 Brian Berliner, david d `zoo' zuhn,
Jeff Polk, and other authors

CVS may be copied only under the terms of the GNU General Public License,
a copy of which can be found with the CVS distribution kit.

Specify the --help option for further information about CVS
[sharpd@yonk src]$ uname -a
Linux yonk.pinkbelly.org 2.4.8-26mdk #1 Sun Sep 23 17:06:39 CEST 2001 i686 unknown

I have insufficient memory. But why would you expect this to be
a security hole?

donald

On Fri, Feb 22, 2002 at 09:34:00AM -0800, Crist J. Clark wrote:
> On Thu, Feb 21, 2002 at 10:21:05AM -0500, Larry Jones wrote:
> [snip]
> > > This is 1.10.7-7; do you have the patch for this problem handy?
> >
> > The best fix is to upgrade to a reasonably current release of CVS, which
> > you can get from www.cvshome.org. The current release is 1.11.1p1. If
> > you insist on patching an obsolete version:
>
> Well, if that was his problem, there still appears to be one.
>
> $ cvs -v
>
> Concurrent Versions System (CVS) 1.11.1p1-FreeBSD (client/server)
>
> Copyright (c) 1989-2001 Brian Berliner, david d `zoo' zuhn,
> Jeff Polk, and other authors
>
> CVS may be copied only under the terms of the GNU General Public License,
> a copy of which can be found with the CVS distribution kit.
>
> Specify the --help option for further information about CVS
>
> Which looks like the current release. This is a FreeBSD 4.5-RELEASE
> system, BTW. And I get,
>
> $ cvs -f diff -C111111111111 ip_fw.c
> Index: ip_fw.c
> ===================================================================
> RCS file: /export/ncvs/src/sys/netinet/ip_fw.c,v
> retrieving revision 1.131.2.31
> diff -C111111111111 -r1.131.2.31 ip_fw.c
> Segmentation fault (core dumped)
>
> The fault is not at the code you quoted, but I'm seg faulting,
>
> (gdb) run -fq diff -C`perl -e 'print "1" x 11'` /export/current/src/sys/netinet/ip_fw.c
> Starting program: /var/tmp/export/stable/src/gnu/usr.bin/cvs/cvs/cvs -fq diff -C`perl -e 'print "1" x 11'` /export/current/src/sys/netinet/ip_fw.c
> Index: /export/current/src/sys/netinet/ip_fw.c
> ===================================================================
> RCS file: /export/ncvs/src/sys/netinet/ip_fw.c,v
> retrieving revision 1.181
> diff -C11111111111 -r1.181 ip_fw.c
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x8099b7e in discard_confusing_lines (filevec=0xbfbff38c)
> at /export/stable/src/gnu/usr.bin/cvs/libdiff/../../../../contrib/cvs/diff/analyze.c:431
> (gdb)
>
> Sorry, I have not looked into it more closely than this.
> --
> Crist J. Clark | cjclark () alum mit edu
> | cjclark () jhu edu
> http://people.freebsd.org/~cjc/ | cjc () freebsd org

_______________________________________________
Bug-cvs mailing list
Bug-cvs () gnu org
http://mail.gnu.org/mailman/listinfo/bug-cvs
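Added example, not part of the original message and not CVS's own code: the byte count in both "out of memory" errors above, 4294967232, is 2^32 - 64, which is the value a 32-bit unsigned size holds after -64 is converted to it. The sketch below shows strict validation of a numeric option such as -C before it reaches any size calculation; parse_context, checked_size, as_u32_size and the MAX_CONTEXT cap are hypothetical names and values chosen for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical upper bound on context lines; not a value taken from CVS. */
#define MAX_CONTEXT 100000L

/* Strict decimal parse: digits only, no overflow, at most MAX_CONTEXT. */
int parse_context(const char *arg, int *out)
{
    char *end;
    long v;
    if (arg == NULL || *arg < '0' || *arg > '9')
        return -1;                      /* rejects "", signs, whitespace */
    errno = 0;
    v = strtol(arg, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > MAX_CONTEXT)
        return -1;                      /* overflow, trailing junk, too big */
    *out = (int)v;
    return 0;
}

/* Compute count * elem_size for an allocation, refusing to wrap around. */
int checked_size(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* What a 32-bit unsigned size holds once a negative int is converted to it. */
uint32_t as_u32_size(int n)
{
    return (uint32_t)n;
}

int main(void)
{
    int ctx = 0;
    size_t bytes = 0;
    if (parse_context("111111111111", &ctx) != 0)   /* argument from the thread */
        puts("rejected -C111111111111");
    if (parse_context("3", &ctx) == 0 &&
        checked_size((size_t)ctx, sizeof(char *), &bytes) == 0)
        printf("context=%d, table bytes=%zu\n", ctx, bytes);
    printf("(uint32_t)-64 = %u\n", (unsigned)as_u32_size(-64));
    return 0;
}
```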
Current thread:
- Re: [Fwd: Help needed with bufferoverflow in cvs] Larry Jones (Feb 21)
- Re: [Fwd: Help needed with bufferoverflow in cvs] Tollef Fog Heen (Feb 21)
- Re: [Fwd: Help needed with bufferoverflow in cvs] Larry Jones (Feb 21)
- Re: [Fwd: Help needed with bufferoverflow in cvs] Turbo Fredriksson (Feb 22)
- Re: [Fwd: Help needed with bufferoverflow in cvs] Larry Jones (Feb 22)
- Re: [Fwd: Help needed with bufferoverflow in cvs] Crist J. Clark (Feb 22)
- Re: [Fwd: Help needed with bufferoverflow in cvs] Donald Sharp (Feb 22)
- Re: [Fwd: Help needed with bufferoverflow in cvs] Crist J. Clark (Feb 23)
- Re: [Fwd: Help needed with bufferoverflow in cvs] Larry Jones (Feb 21)
- Re: [Fwd: Help needed with bufferoverflow in cvs] Tollef Fog Heen (Feb 21)