bug-cvs

Re: [Fwd: Help needed with bufferoverflow in cvs]


From: Larry Jones
Subject: Re: [Fwd: Help needed with bufferoverflow in cvs]
Date: Thu, 21 Feb 2002 10:21:05 -0500 (EST)

Tollef Fog Heen writes:
> 
> *  (Larry Jones)
> | 
> | It's not a buffer overflow (-Cx will produce the same result), it's an
> | improperly initialized global variable (the code calls longjmp() with a
> | global jmp_buf that was never initialized by setjmp() and thus is all
> | zeros).  It's not exploitable and it was fixed long ago in CVS 1.10.8.
> 
> I am not too sure about that; please see the strace output from the
> server:

You're not too sure about *what*, that it's not a buffer overflow, that
it's caused by calling longjmp() with an all-zero jmp_buf, that it's not
exploitable, or that it was fixed long ago?!?

> This is 1.10.7-7; do you have the patch for this problem handy?

The best fix is to upgrade to a reasonably current release of CVS, which
you can get from www.cvshome.org.  The current release is 1.11.1p1.  If
you insist on patching an obsolete version:

Index: diff.c
===================================================================
RCS file: /cvs/ccvs/diff/diff.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- diff.c      29 Apr 1999 21:08:13 -0000      1.9
+++ diff.c      15 Sep 1999 21:11:31 -0000      1.10
@@ -247,11 +247,21 @@
 
   /* Do our initializations.  */
   initialize_main (&argc, &argv);
-
-  /* Decode the options.  */
-
   optind_old = optind;
   optind = 0;
+
+  /* Set the jump buffer, so that diff may abort execution without
+     terminating the process. */
+  val = setjmp (diff_abort_buf);
+  if (val != 0)
+    {
+      optind = optind_old;
+      if (opened_file)
+       fclose (outfile);
+      return val;
+    }
+
+  /* Decode the options.  */
   while ((c = getopt_long (argc, argv,
                           
"0123456789abBcC:dD:efF:hHiI:lL:nNpPqrsS:tTuU:vwW:x:X:y",
                           longopts, 0)) != EOF)
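Review bot: the recovery branch `if (opened_file) fclose (outfile);` reads opened_file after the longjmp(), but opened_file is only stored later in this function (after the output file is opened), i.e. between setjmp() and longjmp(); if opened_file is an automatic variable it must be declared volatile, because a non-volatile local modified after setjmp() has an indeterminate value after the jump and the fclose() decision would be unreliable. The comment above the setjmp() should also say why it now sits before option decoding: a longjmp() raised while getopt_long() options are processed needs a valid target, which the old placement never provided.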
@@ -684,17 +694,6 @@
            }
          opened_file = 1;
        }
-    }
-
-  /* Set the jump buffer, so that diff may abort execution without
-     terminating the process. */
-  val = setjmp (diff_abort_buf);
-  if (val != 0)
-    {
-      optind = optind_old;
-      if (opened_file)
-       fclose (outfile);
-      return val;
     }
 
   val = compare_files (0, argv[optind], 0, argv[optind + 1], 0);
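Review bot: `opened_file = 1;` remains here after the output file is opened, while the setjmp() recovery path that tests it now runs from the top of the function; if opened_file keeps its value across calls (a static, or a local without an initializer) and this function can be entered more than once in a process, an abort in a later call before the file is opened would fclose() a stale outfile. Confirm that opened_file is set to 0 on every entry before the setjmp(), for instance next to `optind_old = optind;`, and keep the removed comment text with the setjmp() it now precedes.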


-Larry Jones

It's like SOMEthing... I just can't think of it. -- Calvin
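
The ordering Larry describes, as an added illustration written for this page rather than code from CVS or GNU diff: the fatal-error path reaches longjmp() through a jmp_buf that only setjmp() can make valid, so the target has to be established before option decoding, and any local the recovery branch reads after the jump must be volatile. The names run_diff, run_diff_unpatched, lib_fatal, parse_options and compare_files are stand-ins, the "file" is a counter, and the argument vectors in main() are constructed. The unpatched variant counts an abort that has no target instead of jumping into a zeroed buffer, since that jump is undefined behaviour.

```c
/* Added illustration, not CVS or GNU diff code: the setjmp()/longjmp()
 * abort pattern from the patch, with hypothetical names throughout. */
#include <setjmp.h>
#include <stdio.h>
#include <string.h>

/* Abort reasons passed to longjmp(); all non-zero, since longjmp(buf, 0)
 * makes setjmp() return 1 and the reason would be lost. */
enum { ABORT_BAD_OPTION = 2, ABORT_COMPARE_FAILED = 3 };

static jmp_buf abort_buf;          /* analogue of diff_abort_buf */
static int abort_buf_valid;        /* non-zero once setjmp() stored a target */
static int files_open;             /* stand-in for outfile: open-output count */
static int unguarded_fatal_calls;  /* fatal errors raised with no jump target */

/* Library-internal fatal path: unwind to the caller instead of exiting.
 * longjmp() into a jmp_buf that setjmp() never filled is undefined
 * behaviour (the all-zero buffer of the report); here that case is
 * counted and skipped so the program keeps running. */
static void lib_fatal(int reason)
{
    if (!abort_buf_valid) {
        unguarded_fatal_calls++;
        return;
    }
    longjmp(abort_buf, reason);
}

/* Stand-in for getopt_long(): accepts -u and -c, anything else is fatal.
 * Returns the index of the first non-option argument. */
static int parse_options(int argc, char **argv)
{
    int i = 1;
    while (i < argc && argv[i][0] == '-') {
        if (strcmp(argv[i], "-u") != 0 && strcmp(argv[i], "-c") != 0)
            lib_fatal(ABORT_BAD_OPTION);
        i++;
    }
    return i;
}

/* Stand-in for compare_files(): succeeds when both names are equal and
 * otherwise raises the kind of fatal error that must not kill the process. */
static int compare_files(const char *a, const char *b)
{
    if (strcmp(a, b) == 0)
        return 0;
    lib_fatal(ABORT_COMPARE_FAILED);
    return -1;                     /* only reached when no target was set */
}

/* Patched ordering: the jump target exists before any code that may abort.
 * opened_file is volatile because it is written after setjmp() and read
 * after longjmp(); a non-volatile automatic would be indeterminate there. */
int run_diff(int argc, char **argv)
{
    volatile int opened_file = 0;
    int val, first;

    val = setjmp(abort_buf);
    if (val != 0) {
        if (opened_file)
            files_open--;          /* the fclose(outfile) of the patch */
        abort_buf_valid = 0;
        return val;
    }
    abort_buf_valid = 1;

    first = parse_options(argc, argv);
    files_open++;                  /* "open" the output */
    opened_file = 1;
    val = compare_files(argv[first], argv[first + 1]);

    files_open--;                  /* normal close */
    abort_buf_valid = 0;
    return val;
}

/* Unpatched ordering: options are decoded before the target is set, so a
 * bad option reaches lib_fatal() with no valid jmp_buf; the error is
 * silently dropped here, where the real code crashed. */
int run_diff_unpatched(int argc, char **argv)
{
    int val, first;

    abort_buf_valid = 0;
    first = parse_options(argc, argv);
    val = setjmp(abort_buf);
    if (val != 0) {
        abort_buf_valid = 0;
        return val;
    }
    abort_buf_valid = 1;
    val = compare_files(argv[first], argv[first + 1]);
    abort_buf_valid = 0;
    return val;
}

int main(void)
{
    /* Constructed argument vectors; no real files are touched. */
    char *ok[] = { "diff", "-u", "a", "a" };
    char *bad[] = { "diff", "-X", "a", "a" };
    char *fail[] = { "diff", "-u", "a", "b" };
    int r;

    r = run_diff(4, ok);
    printf("patched, good args:    %d (open files: %d)\n", r, files_open);
    r = run_diff(4, bad);
    printf("patched, bad option:   %d (open files: %d)\n", r, files_open);
    r = run_diff(4, fail);
    printf("patched, compare fail: %d (open files: %d)\n", r, files_open);
    r = run_diff_unpatched(4, bad);
    printf("unpatched, bad option: %d (fatal calls with no target: %d)\n",
           r, unguarded_fatal_calls);
    return 0;
}
```

The patched run_diff() returns the abort reason for a bad option or a failed comparison and leaves no output "open" either way, because the recovery branch can trust the volatile opened_file; the unpatched ordering lets the bad option through unnoticed, which is the benign stand-in for the crash seen on the 1.10.7 server.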


