Matthias Scheler writes:
>
> I tried to correct a typo in a very commit message today (more than 4KB)
> with a command like this one:
[...]
> "cvs" died with a segmentation fault. I shortened the CVS commit message
> by several lines and "cvs admin" worked. I readded a few lines, the local
> "cvs" process worked fine but the remote "cvs server" process crashed. It
> looks to me like a buffer overflow which can be abused to gain shell
> access to a remote CVS server.

I don't see anything obviously wrong with the code -- is there any chance you could get a traceback from one of the crashes?

> This is with CVS 1.11.20 under NetBSD-i386 3.0_BETA.

Is that the client, the server, or both? (The "cvs version" command in a working directory prints both client and server info.)

-Larry Jones

In my opinion, we don't devote nearly enough scientific research to finding a cure for jerks. -- Calvin
