[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Infinite loop in "cvs server"
From: |
Larry Jones |
Subject: |
Re: Infinite loop in "cvs server" |
Date: |
Fri, 4 Oct 2002 16:03:04 -0400 (EDT) |
Pavel Roskin writes:
>
> I run "cvs server" from the command line (I tried Linux console and rxvt -
> same result), then I press Ctrl-C and Ctrl-D.
>
> This message is printed continuously:
>
> cvs: buffer.c:1384: stdio_buffer_shutdown: Assertion `fstat ( fileno
> (bc->fp), &s ) != -1' failed.
>
> I can only kill cvs by the "KILL" signal.
That's been reported before. There's a bug in the cleanup code that
causes it to go into an infinite loop: the assertion failure ends up
calling the cleanup code which causes the assertion failure again. I've
checked in a fix.
> I cannot reproduce this bug over ssh (OpenSSH_3.4p1) - cvs terminates on
> Ctrl-C. However, I cannot exclude the possibility that this bug can be
> exploited to execute random commands on a server that only allows the user
> to execute "cvs server".
It's a simple infinite loop, not a buffer overflow or anything that's
exploitable.
-Larry Jones
You're just trying to get RID of me, aren't you? -- Calvin