Bugtraq mailing list archives

Re: [DER ADV#8] - Local off by one in CVSD


From: larry.jones () sdrc com (Larry Jones)
Date: Sun, 26 May 2002 15:23:16 -0400 (EDT)

On Sat, 25 May 2002, david evlis reign wrote:

##########################
#DER PATCH FOR CVS < 1.11#
##########################

--- rcs_old.c Mon Jan 25 02:05:16 2002
+++ rcs.c     Mon Jan 25 02:05:40 2002

--- 4238:       if (sscanf (info->data, "%16s %lu",
+++ 4238:       if (sscanf (info->data, "%.15s %lu",
              devtype, &devnum_long) < 2)
              error (1, 0, "%s:%s has bad `special' newphrase %s",
              workfile, vers->version, info->data);
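
Review bot: on the `+++ 4238` line, `%.15s` is not a valid scanf conversion. scanf directives take a maximum field width and have no precision, so the dot makes the directive malformed instead of bounding the read. Use `%15s`, and confirm that 15 is one less than the declared size of `devtype`, which this hunk does not show. The hunk also has no `@@` header and marks the changed lines with `---`/`+++` plus a line number, so patch(1) will not apply it; regenerate it with `diff -u`.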

That is not correct.  Unlike printf, scanf uses the *field width*, not
the precision, to specify the maximum number of characters to read. The
correct code is:

        if (sscanf (info->data, "%15s %lu",

vendor notification: nope.

Thanks a heap.  For what it's worth, that problem only occurs in the CVS
PreservePermissions code which is notoriously buggy, to the point where
it has been disabled in recent releases to keep people who don't know
any better from using it.  Nonetheless, it is fixed in the recently
released CVS 1.11.2.

-Larry Jones

I must have been delirious from having so much fun. -- Calvin
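
The field-width point made in the reply above, as an added example that is not part of the original message or of the CVS source. `DEVTYPE_SIZE` (16) is an assumed buffer size, the function names are hypothetical, and the sample strings are constructed; `parse_special` goes one step beyond the one-character fix by also rejecting a type token that the width cut short.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define DEVTYPE_SIZE 16 /* assumed size of devtype; its declaration is not on the page */

/* Bytes sscanf stores (characters plus NUL) for each width. The scratch
 * buffer is oversized on purpose so the count can be measured safely. */
static size_t stored_width16(const char *data)
{
    char scratch[DEVTYPE_SIZE * 2] = {0};
    unsigned long devnum = 0;
    if (sscanf(data, "%16s %lu", scratch, &devnum) < 1)
        return 0;
    return strlen(scratch) + 1;
}

static size_t stored_width15(const char *data)
{
    char scratch[DEVTYPE_SIZE * 2] = {0};
    unsigned long devnum = 0;
    if (sscanf(data, "%15s %lu", scratch, &devnum) < 1)
        return 0;
    return strlen(scratch) + 1;
}

/* Bounded parse that also rejects a type token cut short by the width,
 * instead of letting %lu consume the leftover characters. 0 = ok, -1 = bad. */
static int parse_special(const char *data, char devtype[DEVTYPE_SIZE],
                         unsigned long *devnum)
{
    int used = 0;
    if (sscanf(data, "%15s%n", devtype, &used) < 1)
        return -1;
    if (!isspace((unsigned char)data[used]))
        return -1; /* token longer than 15 chars, or no number follows */
    return sscanf(data + used, "%lu", devnum) == 1 ? 0 : -1;
}

int main(void)
{
    const char *samples[] = { "block 3", "blockblockblock12 3" }; /* constructed */
    char devtype[DEVTYPE_SIZE];
    unsigned long devnum;
    printf("%%16s stores %zu bytes, %%15s stores %zu, buffer holds %d\n",
           stored_width16("character-special-device 7"),
           stored_width15("character-special-device 7"), DEVTYPE_SIZE);
    for (size_t i = 0; i < 2; i++)
        printf("%-22s -> %s\n", samples[i],
               parse_special(samples[i], devtype, &devnum) == 0 ? "accepted" : "rejected");
    return 0;
}
```

With a plain `"%15s %lu"`, the second sample would parse successfully with a device number of 12 taken from the tail of the truncated token, which is why the example checks the character that follows the token.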

