Bugtraq mailing list archives

Re: [DER ADV#8] - Local off by one in CVSD
From: larry.jones () sdrc com (Larry Jones)
Date: Sun, 26 May 2002 15:23:16 -0400 (EDT)

On Sat, 25 May 2002, david evlis reign wrote:

##########################
#DER PATCH FOR CVS < 1.11#
##########################

--- rcs_old.c Mon Jan 25 02:05:16 2002
+++ rcs.c     Mon Jan 25 02:05:40 2002

--- 4238:       if (sscanf (info->data, "%16s %lu",
+++ 4238:       if (sscanf (info->data, "%.15s %lu",
              devtype, &devnum_long) < 2)
              error (1, 0, "%s:%s has bad `special' newphrase %s",
              workfile, vers->version, info->data);
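Review bot: the replacement in the `+++ 4238:` line, `%.15s`, does not fix the overflow, because scanf conversion specifications have no precision field; `.15` is not a valid part of a `%s` conversion, so the behaviour is undefined and the read is still unbounded in practice. Bound the read with a field width instead, `if (sscanf (info->data, "%15s %lu",`, which stores at most 15 characters plus the terminating NUL, so it fits a 16-byte `devtype`. The hunk is also not in unified-diff form (no `@@` header, and `---`/`+++` used as line prefixes rather than file headers), so it cannot be applied with `patch` as posted.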

That is not correct.  Unlike printf, scanf uses the *field width*, not
the precision, to specify the maximum number of characters to read. The
correct code is:

        if (sscanf (info->data, "%15s %lu",

vendor notification: nope.

Thanks a heap.  For what it's worth, that problem only occurs in the CVS
PreservePermissions code which is notoriously buggy, to the point where
it has been disabled in recent releases to keep people who don't know
any better from using it.  Nonetheless, it is fixed in the recently
released CVS 1.11.2.

-Larry Jones

I must have been delirious from having so much fun. -- Calvin
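Added example, not code from the thread or from CVS: it shows why the field width matters by running the CVS-style `"devtype devnum"` newphrase scan with both formats against a sentinel-filled scratch buffer and counting the bytes sscanf actually writes. It assumes `devtype` in the CVS code is a 16-byte array, which the title's "off by one" implies but the post does not state.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

/* Assumed size of the devtype array the CVS code scans into:
 * room for 15 characters plus the terminating NUL. */
#define DEVTYPE_SIZE 16

/* sscanf return value from the last bytes_written() call, i.e. the
 * number the CVS code compares against 2 before calling error(). */
static int last_nconv;

/* Scan DATA with FMT, directing the %s conversion into the start of a
 * large sentinel-filled buffer so that even the over-long write stays
 * in bounds here. Returns how many bytes sscanf stored (characters plus
 * the NUL terminator). */
static size_t bytes_written(const char *fmt, const char *data)
{
    unsigned char scratch[64];
    unsigned long devnum_long = 0;
    size_t n = 0;

    memset(scratch, 0xAA, sizeof scratch);     /* sentinel pattern */
    last_nconv = sscanf(data, fmt, (char *)scratch, &devnum_long);
    for (size_t i = 0; i < sizeof scratch; i++)
        if (scratch[i] != 0xAA)
            n = i + 1;                          /* last byte touched */
    return n;
}

/* Constructed sample newphrase: a 16-character device type plus a number. */
static const char SAMPLE[] = "0123456789abcdef 42";

int main(void)
{
    size_t n;

    /* Original code: %16s stores 16 chars + NUL = 17 bytes, one past
     * the end of a 16-byte devtype, and the check against 2 passes. */
    n = bytes_written("%16s %lu", SAMPLE);
    printf("%%16s: %zu bytes written, %d conversions\n", n, last_nconv);

    /* Fixed code: %15s stores at most 16 bytes, and the leftover "f"
     * makes the %lu conversion fail, so the CVS error path is taken. */
    n = bytes_written("%15s %lu", SAMPLE);
    printf("%%15s: %zu bytes written, %d conversions\n", n, last_nconv);
    assert(n <= DEVTYPE_SIZE);
    return 0;
}
```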
