
From: "Ben de Groot (yngwin)" <yngwin@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-libs/rb_libtorrent/files: rb_libtorrent-0.13-CVE-2009-1760.patch rb_libtorrent-0.13-gcc44.patch rb_libtorrent-0.13-boost-1.37.patch
Date: Sun, 28 Jun 2009 00:03:12
Message-Id: E1MKhrD-0005Av-UP@stork.gentoo.org
1 yngwin 09/06/28 00:02:55
2
3 Added: rb_libtorrent-0.13-CVE-2009-1760.patch
4 rb_libtorrent-0.13-gcc44.patch
5 rb_libtorrent-0.13-boost-1.37.patch
6 Log:
7 Cleanup, add 0.13-r1 with security fix for bug 273156, various other fixes
8 (Portage version: 2.2_rc33/cvs/Linux x86_64)
9
10 Revision Changes Path
11 1.1 net-libs/rb_libtorrent/files/rb_libtorrent-0.13-CVE-2009-1760.patch
12
13 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-CVE-2009-1760.patch?rev=1.1&view=markup
14 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-CVE-2009-1760.patch?rev=1.1&content-type=text/plain
15
16 Index: rb_libtorrent-0.13-CVE-2009-1760.patch
17 ===================================================================
18 From 160ea4fe2beb1d433c96fc432772fd0122421c95 Mon Sep 17 00:00:00 2001
19 From: Robert Buchholz <rbu@g.o>
20 Date: Mon, 8 Jun 2009 12:04:41 +0200
21 Subject: [PATCH] backport CVE-2009-1760 fix from r3621
22
23 ---
24 src/torrent_info.cpp | 47 ++++++++++++++++++++++++++++-------------------
25 1 files changed, 28 insertions(+), 19 deletions(-)
26
27 diff --git a/src/torrent_info.cpp b/src/torrent_info.cpp
28 index 57c8a97..fc6d284 100755
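--- a/src/torrent_info.cpp
+++ b/src/torrent_info.cpp
@@ -39,6 +39,7 @@ POSSIBILITY OF SUCH DAMAGE.
 #include <iterator>
 #include <algorithm>
 #include <set>
+#include <string>
 
 #ifdef _MSC_VER
 #pragma warning(push, 1)
@@ -74,6 +75,29 @@ namespace
 str += 0x80 | (chr & 0x3f);
 }
 
+ bool valid_path_element(std::string const& element)
+ {
+ if (element.empty()
+ || element == "." || element == ".."
+ || element[0] == '/' || element[0] == '\\'
+ || element[element.size()-1] == ':')
+ return false;
+ return true;
+ }
+
+ fs::path sanitize_path(fs::path const& p)
+ {
+ fs::path new_path;
+ for (fs::path::const_iterator i = p.begin(); i != p.end(); ++i)
+ {
+ if (!valid_path_element(*i)) continue;
+ std::string pe = *i;
+ new_path /= pe;
+ }
+ TORRENT_ASSERT(!new_path.is_complete());
+ return new_path;
+ }
+
 void verify_encoding(file_entry& target)
 {
 std::string tmp_path;
@@ -184,9 +208,9 @@ namespace
 for (entry::list_type::const_iterator i = list->begin();
 i != list->end(); ++i)
 {
- if (i->string() != "..")
- target.path /= i->string();
+ target.path /= i->string();
 }
+ target.path = sanitize_path(target.path);
 verify_encoding(target);
 if (target.path.is_complete()) throw std::runtime_error("torrent contains "
 "a file with an absolute path: '"
@@ -349,23 +373,8 @@ namespace libtorrent
 else
 { m_name = info["name"].string(); }
 
- fs::path tmp = m_name;
- if (tmp.is_complete())
- {
- m_name = tmp.leaf();
- }
- else if (tmp.has_branch_path())
- {
- fs::path p;
- for (fs::path::iterator i = tmp.begin()
- , end(tmp.end()); i != end; ++i)
- {
- if (*i == "." || *i == "..") continue;
- p /= *i;
- }
- m_name = p.string();
- }
- if (m_name == ".." || m_name == ".")
+ m_name = sanitize_path(m_name).string();
+ if (!valid_path_element(m_name))
 throw std::runtime_error("invalid 'name' of torrent (possible exploit attempt)");
 
 // extract file list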
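Review bot: In the third hunk the result of `sanitize_path(target.path)` is never checked for being empty, so a file entry whose path list holds only rejected elements ends up with an empty `target.path`, and the one visible check after it, `is_complete()`, lets an empty path through. The `name` handling in the last hunk does reject that case via `valid_path_element(m_name)`; a matching guard such as `if (target.path.empty()) throw std::runtime_error("torrent contains a file with an empty path");` would make the two call sites consistent. Because `sanitize_path` drops bad elements with `continue` rather than rejecting the torrent, two distinct entries can also normalise to the same relative path, and `TORRENT_ASSERT(!new_path.is_complete())` presumably compiles out of release builds, so it should not be treated as the enforcing check. The function enclosing the third hunk starts and ends outside the hunk, so a later check may already cover the empty case.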
107 --
108 1.6.3.1
109
110
111
112
113 1.1 net-libs/rb_libtorrent/files/rb_libtorrent-0.13-gcc44.patch
114
115 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-gcc44.patch?rev=1.1&view=markup
116 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-gcc44.patch?rev=1.1&content-type=text/plain
117
118 Index: rb_libtorrent-0.13-gcc44.patch
119 ===================================================================
120 --- libtorrent-0.13/src/identify_client.cpp.orig 2009-06-28 01:11:36.000000000 +0200
121 +++ libtorrent-0.13/src/identify_client.cpp 2009-06-28 01:12:33.000000000 +0200
122 @@ -34,6 +34,7 @@
123
124 #include <cctype>
125 #include <algorithm>
126 +#include <cstdio>
127
128 #ifdef _MSC_VER
129 #pragma warning(push, 1)
130
131
132
133 1.1 net-libs/rb_libtorrent/files/rb_libtorrent-0.13-boost-1.37.patch
134
135 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-boost-1.37.patch?rev=1.1&view=markup
136 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-boost-1.37.patch?rev=1.1&content-type=text/plain
137
138 Index: rb_libtorrent-0.13-boost-1.37.patch
139 ===================================================================
140 diff -ur libtorrent-0.13.orig/include/libtorrent/disk_io_thread.hpp libtorrent-0.13/include/libtorrent/disk_io_thread.hpp
141 --- libtorrent-0.13.orig/include/libtorrent/disk_io_thread.hpp 2009-05-27 10:45:06.000000000 +0200
142 +++ libtorrent-0.13/include/libtorrent/disk_io_thread.hpp 2009-05-27 11:33:50.000000000 +0200
143 @@ -38,6 +38,7 @@
144 #endif
145
146 #include "libtorrent/storage.hpp"
147 +#include <boost/thread/condition.hpp>
148 #include <boost/thread/thread.hpp>
149 #include <boost/function.hpp>
150 #include <boost/thread/mutex.hpp>