[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH] Subversion Command-Line Client crashes with long lists of options

From: David James <james82_at_gmail.com>
Date: 2005-07-02 22:32:24 CEST

Right now, if you pass in a really long list of valid arguments into
the command-line client, you can overflow its buffer of command-line
options and execute arbitrary code. The impact of this bug is
mitigated by the fact that users who have access to the command-line
client can usually already execute arbitrary code.

To see this bug in action, type the following command:
  yes --old | head -n 300 | xargs svn

Before the patch:
   james@syntax% yes --old | head -n 300 | xargs svn
   xargs: svn: terminated by signal 11

After the patch:
  james@syntax% yes --old | head -n 300 | xargs subversion/clients/cmdline/svn
  svn: Too many options

clients/cmdline/main.c
(main): Prevent buffer overflow when list of command-line options is very long

Cheers,

David

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Sat Jul 2 22:33:40 2005

This is an archived mail posted to the Subversion Dev mailing list.