>Submitter-Id: net
>Originator:
>Organization: net
>Confidential: yes
>Synopsis: DenialOfService possible in pserver access
>Severity: critical
>Priority: high
>Category: cvs
>Class: sw-bug
>Release: cvs-1.10.8
>Environment:
System: FreeBSD deejai2.mchp.siemens.de 4.0-RELEASE FreeBSD 4.0-RELEASE #0: Thu Mar 30 20:35:41 GMT 2000 [EMAIL PROTECTED]:/usr/src/sys/compile/GENERIC i386
>Description:
Using an invalid revision tag in a checkout will trigger a situation
where a cvs pserver will start using increasingly more cpu time (over
about 15 seconds observation time, it grew from 30% to 95+%), finally
putting a 100% load on the cpu.

The only recovery in this situation is killing the *server side* cvs
(terminating the client does not help). Repeated attempts create more
looping processes, leading to the possibility of a DoS (especially in
combination with anonymous cvs access).
>How-To-Repeat:
Assume a repository contains a module MOD, it contains a file MOD/FILE,
and that has a tag TAG.

% cvs co -r TAG MOD
% cvs co -r "" MOD/FILE
% cd MOD
% cvs stat -v FILE

Bug observed with cvs-1.10.7 and 1.10.8
>Fix: