
Re: [PATCH] Subversion Command-Line Client crashes with long lists of options

From: <kfogel_at_collab.net>
Date: 2005-07-05 17:18:45 CEST

David James <james82@gmail.com> writes:
> Right now, if you pass in a really long list of valid arguments into
> the command-line client, you can overflow its buffer of command-line
> options and execute arbitrary code. The impact of this bug is
> mitigated by the fact that users who have access to the command-line
> client can usually already execute arbitrary code.
>
> To see this bug in action, type the following command:
> yes --old | head -n 300 | xargs svn
>
> Before the patch:
> james@syntax% yes --old | head -n 300 | xargs svn
> xargs: svn: terminated by signal 11
>
> After the patch:
> james@syntax% yes --old | head -n 300 | xargs subversion/clients/cmdline/svn
> svn: Too many options
>
> clients/cmdline/main.c

Nice catch! I see that Max committed r15251 to fix.

Hint for next time: please mail security@subversion.tigris.org first
if you suspect something might be a security hole. That way it can be
evaluated privately before the public becomes aware of it.

Thanks,
-Karl

Received on Tue Jul 5 18:55:15 2005
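
The fix described in the quoted report (fail with "Too many options" rather than write past a fixed-size record of options) can be sketched as below. This is an added example, not the code committed in r15251 and not taken from Subversion's main.c; the 256-entry capacity and all type and function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed capacity; the thread does not state the client's real limit. */
#define MAX_RECEIVED_OPTS 256

enum opt_status { OPT_OK = 0, OPT_TOO_MANY = 1 };

struct opt_log {
    int codes[MAX_RECEIVED_OPTS];  /* fixed-size record of options seen */
    size_t count;
};

/* Record one option code; refuse rather than write past the array. */
static enum opt_status opt_log_add(struct opt_log *log, int code)
{
    if (log->count >= MAX_RECEIVED_OPTS)
        return OPT_TOO_MANY;
    log->codes[log->count++] = code;
    return OPT_OK;
}

/* Record every "--name" argument in argv[1..argc-1]. */
static enum opt_status record_options(int argc, const char *const *argv,
                                      struct opt_log *log)
{
    log->count = 0;
    for (int i = 1; i < argc; i++)
        if (strncmp(argv[i], "--", 2) == 0 && argv[i][2] != '\0'
            && opt_log_add(log, (unsigned char)argv[i][2]) != OPT_OK)
            return OPT_TOO_MANY;
    return OPT_OK;
}

/* Constructed input: n copies of "--old", as xargs would pass them. */
static enum opt_status try_repeated_old(int n)
{
    static const char *argv[1024];
    struct opt_log log;
    if (n < 0 || n > 1023) return OPT_TOO_MANY; /* outside this demo's argv */
    argv[0] = "svn";
    for (int i = 1; i <= n; i++) argv[i] = "--old";
    return record_options(n + 1, argv, &log);
}

int main(void)
{
    if (try_repeated_old(300) == OPT_TOO_MANY) { fputs("svn: Too many options\n", stderr); return 1; }
    return 0;
}
```

The check in opt_log_add runs before the store, so the 257th option is rejected and the array is never indexed out of range.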

This is an archived mail posted to the Subversion Dev mailing list.