Date: Mon, 15 Dec 2003 16:08:42 +0000 From: Colin Percival <colin.percival@wadham.ox.ac.uk> To: Mike Tancsa <mike@sentex.net>, <freebsd-security@freebsd.org> Subject: Re: cvs version 1.11.10 import? [security fix] Message-ID: <5.0.2.1.1.20031215155516.02e4e820@popserver.sfu.ca> In-Reply-To: <6.0.1.1.0.20031215104607.04fd2b48@209.112.4.2> References: <5.0.2.1.1.20031211011207.01cb9d60@popserver.sfu.ca> <20031211010804.371685299@ftp.bjpu.edu.cn> <5.0.2.1.1.20031211011207.01cb9d60@popserver.sfu.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
At 10:46 15/12/2003 -0500, Mike Tancsa wrote: >Hi, did you ever find out if this security issue does effect FreeBSD ? I think it does. As far as I can tell, it seems to cause problems when CVSROOT is :local:/something. I'm not sure if this is actually exploitable -- I can't see any indication that the cvs people know, either -- but the buggy code is definitely in FreeBSD. Since they don't seem to have published it, I've extracted the relevant patch from CVS's CVS tree and included it below. Colin Percival =================================================================== RCS file: /usr/local/tigris/data/helm/cvs/repository/ccvs/src/expand_path.c,v retrieving revision 1.21 retrieving revision 1.21.6.1 diff -u -r1.21 -r1.21.6.1 --- ccvs/src/expand_path.c 2001/01/09 13:59:59 1.21 +++ ccvs/src/expand_path.c 2003/12/03 19:22:01 1.21.6.1 @@ -272,7 +272,7 @@ int line; { if (strcmp (name, CVSROOT_ENV) == 0) - return current_parsed_root->original; + return current_parsed_root->directory; else if (strcmp (name, "RCSBIN") == 0) { error (0, 0, "RCSBIN internal variable is no longer supported");
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.0.2.1.1.20031215155516.02e4e820>