bug-cvs

Re: CVS_RSH env-var feature patch


From: Derek R. Price
Subject: Re: CVS_RSH env-var feature patch
Date: Thu, 06 Sep 2001 17:01:15 -0700

Larry Jones wrote:

> Ellison, Martin [IT] writes:
> >
> > I notice that you have redimensioned argv without changing any other code.
> > Does this mean that the code is susceptible to an overrun attack?
>
> Yes.  (The original code isn't, but the patch introduces a potential
> buffer overflow bug and thus isn't acceptable.  I also question how much
> need there is for the enhancement.)

I can see this as somewhat useful, done correctly, but not all that important
as there is an obvious work-around - call a script as the single argument then
put the correct ssh arguments inside the script.

Of course, this probably won't work properly under Windoze, but then, I don't
think CVS_RSH works at all there, anyhow.

Derek

--
Derek Price                      CVS Solutions Architect ( http://CVSHome.org )
mailto:dprice@collab.net         CollabNet ( http://collab.net )
--
I saw nothing unusual in the teacher's lounge.
I saw nothing unusual in the teacher's lounge.
I saw nothing unusual in the teacher's lounge...

          - Bart Simpson on chalkboard, _The Simpsons_
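
The overrun concern raised in the exchange above, as an added illustration (not the submitted patch and not CVS source): when a CVS_RSH-style value is split into several words, every store into a fixed-size argv needs a bounds check that also reserves the NULL terminator slot. `build_rsh_argv`, `RSH_ARGV_MAX` and the sample values are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RSH_ARGV_MAX 8  /* hypothetical fixed argv size, including the NULL slot */

/* Split a CVS_RSH-style string (e.g. "ssh -p 2222") on blanks into argv,
 * then append the caller's fixed arguments. `buf` is modified in place.
 * Returns the argument count, or -1 if the program name is empty or the
 * arguments plus the NULL terminator would not fit in argv[argv_max]. */
int build_rsh_argv(char *buf, const char *const *fixed, size_t nfixed,
                   const char *argv[], size_t argv_max)
{
    size_t n = 0;
    char *p = buf;

    if (argv_max == 0)
        return -1;
    for (;;) {
        p += strspn(p, " \t");          /* skip leading blanks */
        if (*p == '\0')
            break;
        if (n + 1 >= argv_max)          /* always keep one slot for NULL */
            return -1;
        argv[n++] = p;
        p += strcspn(p, " \t");         /* advance to end of this word */
        if (*p != '\0')
            *p++ = '\0';
    }
    if (n == 0)
        return -1;                      /* no program name at all */
    for (size_t i = 0; i < nfixed; i++) {
        if (n + 1 >= argv_max)
            return -1;
        argv[n++] = fixed[i];
    }
    argv[n] = NULL;
    return (int)n;
}

int main(void)
{
    char rsh[] = "ssh -p 2222";         /* constructed sample value */
    const char *const fixed[] = { "host.example", "cvs", "server" };
    const char *argv[RSH_ARGV_MAX];
    int n = build_rsh_argv(rsh, fixed, 3, argv, RSH_ARGV_MAX);

    printf("argc = %d\n", n);
    return n < 0;
}
```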





