[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freebsd-security
Subject:    Re: cvs version 1.11.10 import? [security fix]
From:       Colin Percival <colin.percival () wadham ! ox ! ac ! uk>
Date:       2003-12-15 16:08:42
[Download RAW message or body]

At 10:46 15/12/2003 -0500, Mike Tancsa wrote:
>Hi, did you ever find out if this security issue does effect FreeBSD ?

   I think it does.  As far as I can tell, it seems to cause
problems when CVSROOT is :local:/something.  I'm not sure if
this is actually exploitable -- I can't see any indication
that the cvs people know, either -- but the buggy code is
definitely in FreeBSD.
   Since they don't seem to have published it, I've extracted
the relevant patch from CVS's CVS tree and included it below.

Colin Percival

===================================================================
RCS file: /usr/local/tigris/data/helm/cvs/repository/ccvs/src/expand_path.c,v
retrieving revision 1.21
retrieving revision 1.21.6.1
diff -u -r1.21 -r1.21.6.1
--- ccvs/src/expand_path.c      2001/01/09 13:59:59     1.21
+++ ccvs/src/expand_path.c      2003/12/03 19:22:01     1.21.6.1
@@ -272,7 +272,7 @@
      int line;
  {
      if (strcmp (name, CVSROOT_ENV) == 0)
-       return current_parsed_root->original;
+       return current_parsed_root->directory;
      else if (strcmp (name, "RCSBIN") == 0)
      {
         error (0, 0, "RCSBIN internal variable is no longer supported");



_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]