[Savannah-dev] [Bug #7] Potential overflow on CVS server command line

[noreply]

Bug #7, was updated on 2002-Apr-19 16:15
Here is a current snapshot of the bug.

Project: savannah
Category:  CVS
Severity:  9 - Critical
Priority:  Low
Bug Group:  None
Resolution:  None
Assigned to:  loic
Status:  Open
Effort:  5.00
Summary:  Potential overflow on CVS server command line

Original Submission:  Savannah currently uses a standard cvs server. All the 
allowed root files are therefore passed as a lonmg series of "--allow-root 
/cvsroot/foo" options.

On Linux the size limit for a command line is 64 KBytes so at about say 40 
chars per option, the command overflow will show up when we'll approach 1600 
projects.

Follow-Ups:
**********

-------------------------------------------------------
Date: 2002-Apr-22 09:21
By: lo-lan-do

Comment:
You could also check out a patch I submitted to the upstream maintainers of 
CVS.  This patch adds a "--allow-root-regexp" command line option, allowing you 
to specify, for instance, "/var/lib/savannah/cvsroot/.*" as allowed cvsroots.  
I can't remember the URL offhand, but it seemed to work, and it should be 
included in the next release of CVS.

-------------------------------------------------------
Date: 2002-Apr-21 00:20
By: loic

Comment:
Applied the patch. A test server is available on port 2402.
cvs -d :pserver:address@hidden:/cvsroot/uri co uri


-------------------------------------------------------
Date: 2002-Apr-19 16:22
By: ljulliar

Comment:
I have already fixed this problem for CodeX at Xerox. We just need to apply a 
little patch to cvs (see attachement) which creates a new option called 
"--allow-root-file filename" where the file contains a list of allowed cvs root.

This file of allowed cvs roots will be generated by the Savannah background 
daemon.

For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=7&group_id=11