rpms/rb_libtorrent/devel rb_libtorrent-svn1968-bdecode_recursive-security-fix.patch, NONE, 1.1 rb_libtorrent.spec, 1.7, 1.8
Peter Gordon (pgordon)
fedora-extras-commits at redhat.com
Tue Jan 29 07:40:31 UTC 2008
Author: pgordon
Update of /cvs/pkgs/rpms/rb_libtorrent/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12467
Modified Files:
rb_libtorrent.spec
Added Files:
rb_libtorrent-svn1968-bdecode_recursive-security-fix.patch
Log Message:
Add upstream patch to fix potential stack overflow in bdecode_recursive routine.
rb_libtorrent-svn1968-bdecode_recursive-security-fix.patch:
--- NEW FILE rb_libtorrent-svn1968-bdecode_recursive-security-fix.patch ---
--- /branches/RC_0_12/include/libtorrent/bencode.hpp (revision 727)
+++ /branches/RC_0_12/include/libtorrent/bencode.hpp (revision 1968)
@@ -201,6 +201,7 @@
template<class InIt>
- void bdecode_recursive(InIt& in, InIt end, entry& ret)
- {
+ void bdecode_recursive(InIt& in, InIt end, entry& ret, int depth)
+ {
+ if (depth >= 100) throw invalid_encoding();
if (in == end) throw invalid_encoding();
switch (*in)
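Review bot: The new guard `if (depth >= 100) throw invalid_encoding();` uses a bare `100` with no comment, so a reader cannot tell that it is a nesting limit for untrusted bencoded input or how the value was chosen. I would name it in `detail`, e.g. `const int max_bdecode_depth = 100;`, test `if (depth >= max_bdecode_depth) throw invalid_encoding();`, and add a comment such as `// bound list/dict nesting so malformed input cannot exhaust the stack`. The limit only protects if 100 frames of this function fit comfortably in the smallest thread stack the library runs on, which this hunk does not show. The function body continues past the end of the hunk.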
@@ -229,5 +230,5 @@
ret.list().push_back(entry());
entry& e = ret.list().back();
- bdecode_recursive(in, end, e);
+ bdecode_recursive(in, end, e, depth + 1);
if (in == end) throw invalid_encoding();
}
@@ -245,7 +246,7 @@
{
entry key;
- bdecode_recursive(in, end, key);
+ bdecode_recursive(in, end, key, depth + 1);
entry& e = ret[key.string()];
- bdecode_recursive(in, end, e);
+ bdecode_recursive(in, end, e, depth + 1);
if (in == end) throw invalid_encoding();
}
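Review bot: The dictionary key is still decoded by the general `bdecode_recursive(in, end, key, depth + 1)`, so a nested list or dictionary in key position is fully parsed and allocated before `key.string()` gets a chance to reject it. Bencoded dictionary keys are byte strings, which always start with a digit, so a check before the call, such as `if (!isdigit((unsigned char)*in)) throw invalid_encoding();`, would refuse such input without recursing. Whether `key.string()` throws for a non-string entry, and whether the caller turns that into `invalid_encoding`, is not visible here, and the enclosing loop starts and ends outside the hunk.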
@@ -286,5 +287,5 @@
{
entry e;
- detail::bdecode_recursive(start, end, e);
+ detail::bdecode_recursive(start, end, e, 0);
return e;
}
Index: rb_libtorrent.spec
===================================================================
RCS file: /cvs/pkgs/rpms/rb_libtorrent/devel/rb_libtorrent.spec,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- rb_libtorrent.spec 3 Aug 2007 19:11:33 -0000 1.7
+++ rb_libtorrent.spec 29 Jan 2008 07:39:53 -0000 1.8
@@ -1,6 +1,6 @@
Name: rb_libtorrent
Version: 0.12
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: A C++ BitTorrent library aiming to be the best alternative
Group: System Environment/Libraries
@@ -12,6 +12,8 @@
Source2: %{name}-COPYING.Boost
Source3: %{name}-COPYING.zlib
+Patch0: %{name}-svn1968-bdecode_recursive-security-fix.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: boost-devel
@@ -80,6 +82,9 @@
## Fix the installed pkgconfig file: we don't need linkage that the
## libtorrent DSO already ensures.
sed -i -e 's/^Libs:.*$/Libs: -L${libdir} -ltorrent/' libtorrent.pc.in
+## SECURITY: Fix potential stack overflow in bencode_recursive with
+## malformed messages.
+%patch0 -p3 -b .bdecode_recursive-security-fix
%build
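Review bot: The comment added above `%patch0` names `bencode_recursive`, but the routine being patched, and the patch file itself, are `bdecode_recursive`, so anyone searching the spec for the function name will miss this line. I would write it as `## SECURITY: Fix potential stack overflow in bdecode_recursive with` followed by `## malformed messages (upstream changeset 1968).`, which also ties the spec comment to the changeset cited in the changelog entry.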
@@ -142,6 +147,12 @@
%changelog
+* Mon Jan 28 2008 Peter Gordon <peter at thecodergeek.com> - 0.12-3
+- Add upstream patch (changeset 1968) to fix potential security vulnerability:
+ malformed messages passed through the bdecode_recursive routine could cause
+ a potential stack overflow.
+ + svn1968-bdecode_recursive-security-fix.patch
+
* Fri Aug 03 2007 Peter Gordon <peter at thecodergeek.com> - 0.12-2
- Rebuild against new Boost libraries.