bug-cvs

Re: Infinite loop in "cvs server"


From: Larry Jones
Subject: Re: Infinite loop in "cvs server"
Date: Fri, 4 Oct 2002 16:03:04 -0400 (EDT)

Pavel Roskin writes:
> 
> I run "cvs server" from the command line (I tried Linux console and rxvt - 
> same result), then I press Ctrl-C and Ctrl-D.
> 
> This message is printed continuously:
> 
> cvs: buffer.c:1384: stdio_buffer_shutdown: Assertion `fstat ( fileno 
> (bc->fp), &s ) != -1' failed.
> 
> I can only kill cvs by the "KILL" signal.

That's been reported before.  There's a bug in the cleanup code that
causes it to go into an infinite loop: the assertion failure ends up
calling the cleanup code which causes the assertion failure again.  I've
checked in a fix.

> I cannot reproduce this bug over ssh (OpenSSH_3.4p1) - cvs terminates on
> Ctrl-C.  However, I cannot exclude the possibility that this bug can be
> exploited to execute random commands on a server that only allows the user
> to execute "cvs server".

It's a simple infinite loop, not a buffer overflow or anything that's
exploitable.

-Larry Jones

You're just trying to get RID of me, aren't you? -- Calvin
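The cycle described in the reply above (a failed check enters the fatal-error path, which runs cleanup, which fails the same check again), modeled as an added example that is not part of the original message and is not CVS source code. All names here (buffer_shutdown, cleanup, run_model, DEMO_LIMIT) are hypothetical, and the re-entrancy flag is one common way to break such a cycle, not necessarily the fix that was checked in.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define DEMO_LIMIT 100      /* stops the unguarded cycle so this demo terminates */
static int guard_enabled;   /* 0 = model of the reported loop, 1 = guarded */
static int in_cleanup;      /* set once cleanup has started */
static int shutdown_calls;  /* how many times the shutdown check ran */
static int bad_fd = -1;     /* constructed: a descriptor that is already closed */
static void cleanup(void);

/* Stand-in for a shutdown routine whose sanity check is an fstat() call. */
static void buffer_shutdown(void)
{
    struct stat s;
    shutdown_calls++;
    if (fstat(bad_fd, &s) == -1 && shutdown_calls < DEMO_LIMIT)
        cleanup();          /* failed check enters the fatal path, which runs cleanup */
}

/* Cleanup run on fatal errors; it shuts the buffer down again. */
static void cleanup(void)
{
    if (guard_enabled && in_cleanup)
        return;             /* already cleaning up: do not re-enter */
    in_cleanup = 1;
    buffer_shutdown();
}

/* Returns how many times the shutdown check ran before control came back. */
int run_model(int guarded)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    close(fds[0]);
    close(fds[1]);
    bad_fd = fds[0];        /* a valid number, but no longer an open descriptor */
    guard_enabled = guarded;
    in_cleanup = shutdown_calls = 0;
    cleanup();
    return shutdown_calls;
}

int main(void)
{
    printf("unguarded: %d checks (stopped only by DEMO_LIMIT)\n", run_model(0));
    printf("guarded:   %d check\n", run_model(1));
}
```

Without DEMO_LIMIT the unguarded variant never returns, which matches a process that can only be stopped with the KILL signal.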



