Date:      Mon, 15 Dec 2003 16:08:42 +0000
From:      Colin Percival <colin.percival@wadham.ox.ac.uk>
To:        Mike Tancsa <mike@sentex.net>, <freebsd-security@freebsd.org>
Subject:   Re: cvs version 1.11.10 import? [security fix]
Message-ID:  <5.0.2.1.1.20031215155516.02e4e820@popserver.sfu.ca>
In-Reply-To: <6.0.1.1.0.20031215104607.04fd2b48@209.112.4.2>
References:  <5.0.2.1.1.20031211011207.01cb9d60@popserver.sfu.ca> <20031211010804.371685299@ftp.bjpu.edu.cn> <5.0.2.1.1.20031211011207.01cb9d60@popserver.sfu.ca>

At 10:46 15/12/2003 -0500, Mike Tancsa wrote:
>Hi, did you ever find out if this security issue does affect FreeBSD?

   I think it does.  As far as I can tell, it seems to cause
problems when CVSROOT is :local:/something.  I'm not sure if
this is actually exploitable -- I can't see any indication
that the cvs people know, either -- but the buggy code is
definitely in FreeBSD.
   Since they don't seem to have published it, I've extracted
the relevant patch from CVS's CVS tree and included it below.

Colin Percival

===================================================================
RCS file: /usr/local/tigris/data/helm/cvs/repository/ccvs/src/expand_path.c,v
retrieving revision 1.21
retrieving revision 1.21.6.1
diff -u -r1.21 -r1.21.6.1
--- ccvs/src/expand_path.c      2001/01/09 13:59:59     1.21
+++ ccvs/src/expand_path.c      2003/12/03 19:22:01     1.21.6.1
@@ -272,7 +272,7 @@
      int line;
  {
      if (strcmp (name, CVSROOT_ENV) == 0)
-       return current_parsed_root->original;
+       return current_parsed_root->directory;
      else if (strcmp (name, "RCSBIN") == 0)
      {
         error (0, 0, "RCSBIN internal variable is no longer supported");
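
Review bot: the changed return on the CVSROOT_ENV branch carries no comment saying why current_parsed_root->directory is the right value to expand instead of current_parsed_root->original, and for a change described as a security fix that reason should be recorded next to the line. Going by the field names and the :local:/something case mentioned in the message, anything that expands this variable now receives only the directory part rather than the root string as it was given, so the change in behaviour for existing uses deserves a line in the documentation or change log. It is also worth confirming that the directory field is always populated by the time this branch can be reached, since the hunk returns it unchecked.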




