[PATCH] Subversion Command-Line Client crashes with long lists of options

From: David James <james82_at_gmail.com>
Date: 2005-07-02 22:32:24 CEST

Right now, if you pass in a really long list of valid arguments into
the command-line client, you can overflow its buffer of command-line
options and execute arbitrary code. The impact of this bug is
mitigated by the fact that users who have access to the command-line
client can usually already execute arbitrary code.

To see this bug in action, type the following command:
yes --old | head -n 300 | xargs svn

Before the patch:
james@syntax% yes --old | head -n 300 | xargs svn
xargs: svn: terminated by signal 11

After the patch:
james@syntax% yes --old | head -n 300 | xargs subversion/clients/cmdline/svn
svn: Too many options

clients/cmdline/main.c
(main): Prevent buffer overflow when list of command-line options is very long

Cheers,

David

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

text/plain attachment: overflow_patch.txt

Received on Sat Jul 2 22:33:40 2005

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]