1 |
yngwin 09/06/28 00:02:55 |
2 |
|
3 |
Added: rb_libtorrent-0.13-CVE-2009-1760.patch |
4 |
rb_libtorrent-0.13-gcc44.patch |
5 |
rb_libtorrent-0.13-boost-1.37.patch |
6 |
Log: |
7 |
Cleanup, add 0.13-r1 with security fix for bug 273156, various other fixes |
8 |
(Portage version: 2.2_rc33/cvs/Linux x86_64) |
9 |
|
10 |
Revision Changes Path |
11 |
1.1 net-libs/rb_libtorrent/files/rb_libtorrent-0.13-CVE-2009-1760.patch |
12 |
|
13 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-CVE-2009-1760.patch?rev=1.1&view=markup |
14 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-CVE-2009-1760.patch?rev=1.1&content-type=text/plain |
15 |
|
16 |
Index: rb_libtorrent-0.13-CVE-2009-1760.patch |
17 |
=================================================================== |
18 |
From 160ea4fe2beb1d433c96fc432772fd0122421c95 Mon Sep 17 00:00:00 2001 |
19 |
From: Robert Buchholz <rbu@g.o> |
20 |
Date: Mon, 8 Jun 2009 12:04:41 +0200 |
21 |
Subject: [PATCH] backport CVE-2009-1760 fix from r3621 |
22 |
|
23 |
--- |
24 |
src/torrent_info.cpp | 47 ++++++++++++++++++++++++++++------------------- |
25 |
1 files changed, 28 insertions(+), 19 deletions(-) |
26 |
|
27 |
diff --git a/src/torrent_info.cpp b/src/torrent_info.cpp |
28 |
index 57c8a97..fc6d284 100755 |
29 |
--- a/src/torrent_info.cpp |
30 |
+++ b/src/torrent_info.cpp |
31 |
@@ -39,6 +39,7 @@ POSSIBILITY OF SUCH DAMAGE. |
32 |
#include <iterator> |
33 |
#include <algorithm> |
34 |
#include <set> |
35 |
+#include <string> |
36 |
|
37 |
#ifdef _MSC_VER |
38 |
#pragma warning(push, 1) |
39 |
@@ -74,6 +75,29 @@ namespace |
40 |
str += 0x80 | (chr & 0x3f); |
41 |
} |
42 |
|
43 |
+ bool valid_path_element(std::string const& element) |
44 |
+ { |
45 |
+ if (element.empty() |
46 |
+ || element == "." || element == ".." |
47 |
+ || element[0] == '/' || element[0] == '\\' |
48 |
+ || element[element.size()-1] == ':') |
49 |
+ return false; |
50 |
+ return true; |
51 |
+ } |
52 |
+ |
53 |
+ fs::path sanitize_path(fs::path const& p) |
54 |
+ { |
55 |
+ fs::path new_path; |
56 |
+ for (fs::path::const_iterator i = p.begin(); i != p.end(); ++i) |
57 |
+ { |
58 |
+ if (!valid_path_element(*i)) continue; |
59 |
+ std::string pe = *i; |
60 |
+ new_path /= pe; |
61 |
+ } |
62 |
+ TORRENT_ASSERT(!new_path.is_complete()); |
63 |
+ return new_path; |
64 |
+ } |
65 |
+ |
66 |
void verify_encoding(file_entry& target) |
67 |
{ |
68 |
std::string tmp_path; |
69 |
@@ -184,9 +208,9 @@ namespace |
70 |
for (entry::list_type::const_iterator i = list->begin(); |
71 |
i != list->end(); ++i) |
72 |
{ |
73 |
- if (i->string() != "..") |
74 |
- target.path /= i->string(); |
75 |
+ target.path /= i->string(); |
76 |
} |
77 |
+ target.path = sanitize_path(target.path); |
78 |
verify_encoding(target); |
79 |
if (target.path.is_complete()) throw std::runtime_error("torrent contains " |
80 |
"a file with an absolute path: '" |
81 |
@@ -349,23 +373,8 @@ namespace libtorrent |
82 |
else |
83 |
{ m_name = info["name"].string(); } |
84 |
|
85 |
- fs::path tmp = m_name; |
86 |
- if (tmp.is_complete()) |
87 |
- { |
88 |
- m_name = tmp.leaf(); |
89 |
- } |
90 |
- else if (tmp.has_branch_path()) |
91 |
- { |
92 |
- fs::path p; |
93 |
- for (fs::path::iterator i = tmp.begin() |
94 |
- , end(tmp.end()); i != end; ++i) |
95 |
- { |
96 |
- if (*i == "." || *i == "..") continue; |
97 |
- p /= *i; |
98 |
- } |
99 |
- m_name = p.string(); |
100 |
- } |
101 |
- if (m_name == ".." || m_name == ".") |
102 |
+ m_name = sanitize_path(m_name).string(); |
103 |
+ if (!valid_path_element(m_name)) |
104 |
throw std::runtime_error("invalid 'name' of torrent (possible exploit attempt)"); |
105 |
|
106 |
// extract file list |
107 |
-- |
108 |
1.6.3.1 |
109 |
|
110 |
|
111 |
|
112 |
|
113 |
1.1 net-libs/rb_libtorrent/files/rb_libtorrent-0.13-gcc44.patch |
114 |
|
115 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-gcc44.patch?rev=1.1&view=markup |
116 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-gcc44.patch?rev=1.1&content-type=text/plain |
117 |
|
118 |
Index: rb_libtorrent-0.13-gcc44.patch |
119 |
=================================================================== |
120 |
--- libtorrent-0.13/src/identify_client.cpp.orig 2009-06-28 01:11:36.000000000 +0200 |
121 |
+++ libtorrent-0.13/src/identify_client.cpp 2009-06-28 01:12:33.000000000 +0200 |
122 |
@@ -34,6 +34,7 @@ |
123 |
|
124 |
#include <cctype> |
125 |
#include <algorithm> |
126 |
+#include <cstdio> |
127 |
|
128 |
#ifdef _MSC_VER |
129 |
#pragma warning(push, 1) |
130 |
|
131 |
|
132 |
|
133 |
1.1 net-libs/rb_libtorrent/files/rb_libtorrent-0.13-boost-1.37.patch |
134 |
|
135 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-boost-1.37.patch?rev=1.1&view=markup |
136 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-boost-1.37.patch?rev=1.1&content-type=text/plain |
137 |
|
138 |
Index: rb_libtorrent-0.13-boost-1.37.patch |
139 |
=================================================================== |
140 |
diff -ur libtorrent-0.13.orig/include/libtorrent/disk_io_thread.hpp libtorrent-0.13/include/libtorrent/disk_io_thread.hpp |
141 |
--- libtorrent-0.13.orig/include/libtorrent/disk_io_thread.hpp 2009-05-27 10:45:06.000000000 +0200 |
142 |
+++ libtorrent-0.13/include/libtorrent/disk_io_thread.hpp 2009-05-27 11:33:50.000000000 +0200 |
143 |
@@ -38,6 +38,7 @@ |
144 |
#endif |
145 |
|
146 |
#include "libtorrent/storage.hpp" |
147 |
+#include <boost/thread/condition.hpp> |
148 |
#include <boost/thread/thread.hpp> |
149 |
#include <boost/function.hpp> |
150 |
#include <boost/thread/mutex.hpp> |