savannah-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-dev] [Bug #7] Potential overflow on CVS server command line

From: noreply
Subject: [Savannah-dev] [Bug #7] Potential overflow on CVS server command line
Date: Mon, 29 Apr 2002 14:27:08 -0400 
=================== Bug #7: Latest Modifications ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=7&group_id=11

Changes by: Loic Dachary <address@hidden>
Date: 2002-Apr-29 18:27 (GMT)

            What     | Removed                   | Added
---------------------------------------------------------------------------
          Resolution | None                      | Fixed
              Status | Open                      | Closed


------------------ Additional Follow-up Comments ----------------------------
The patch was applied and tested for a while. It is now
activated by default for all pserver sessions. The
documentation http://savannah.gnu.org/savannah.html was updated to reflect the 
change. The old cvs server was backed up in /usr/bin/cvs-2002-04-20 in case 
something really bad happens.



=================== Bug #7: Full Bug Snapshot ===================


Submitted by: ljulliar                  Project: savannah                       
Submitted on: 2002-Apr-19 14:15
Category:  CVS                          Severity:  9 - Blocker                  
Priority:  Low                          Bug Group:  None                        
Resolution:  Fixed                      Assigned to:  loic                      
Status:  Closed                         Effort:  5.00                           

Summary:  Potential overflow on CVS server command line

Original Submission:  Savannah currently uses a standard cvs server. All the 
allowed root files are therefore passed as a lonmg series of "--allow-root 
/cvsroot/foo" options.

On Linux the size limit for a command line is 64 KBytes so at about say 40 
chars per option, the command overflow will show up when we'll approach 1600 
projects.

Follow-up Comments
*******************

-------------------------------------------------------
Date: 2002-Apr-29 18:27             By: loic
The patch was applied and tested for a while. It is now
activated by default for all pserver sessions. The
documentation http://savannah.gnu.org/savannah.html was updated to reflect the 
change. The old cvs server was backed up in /usr/bin/cvs-2002-04-20 in case 
something really bad happens.

-------------------------------------------------------
Date: 2002-Apr-22 07:21             By: lo-lan-do
You could also check out a patch I submitted to the upstream maintainers of 
CVS.  This patch adds a "--allow-root-regexp" command line option, allowing you 
to specify, for instance, "/var/lib/savannah/cvsroot/.*" as allowed cvsroots.  
I can't remember the URL offhand, but it seemed to work, and it should be 
included in the next release of CVS.

-------------------------------------------------------
Date: 2002-Apr-20 22:20             By: loic
Applied the patch. A test server is available on port 2402.
cvs -d :pserver:address@hidden:/cvsroot/uri co uri


-------------------------------------------------------
Date: 2002-Apr-19 14:22             By: ljulliar
I have already fixed this problem for CodeX at Xerox. We just need to apply a 
little patch to cvs (see attachement) which creates a new option called 
"--allow-root-file filename" where the file contains a list of allowed cvs root.

This file of allowed cvs roots will be generated by the Savannah background 
daemon.


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=7&group_id=11
reply via email to
[Prev in Thread] Current Thread [Next in Thread]