David James <james82@gmail.com> writes:
> Right now, if you pass in a really long list of valid arguments into
> the command-line client, you can overflow its buffer of command-line
> options and execute arbitrary code. The impact of this bug is
> mitigated by the fact that users who have access to the command-line
> client can usually already execute arbitrary code.
>
> To see this bug in action, type the following command:
> yes --old | head -n 300 | xargs svn
>
> Before the patch:
> james@syntax% yes --old | head -n 300 | xargs svn
> xargs: svn: terminated by signal 11
>
> After the patch:
> james@syntax% yes --old | head -n 300 | xargs subversion/clients/cmdline/svn
> svn: Too many options
>
> clients/cmdline/main.c
Nice catch! I see that Max committed r15251 to fix.
Hint for next time: please mail security@subversion.tigris.org first
if you suspect something might be a security hole. That way it can be
evaluated privately before the public becomes aware of it.
Thanks,
-Karl
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jul 5 18:55:15 2005