rpms/rb_libtorrent/devel rb_libtorrent-svn1968-bdecode_recursive-security-fix.patch, NONE, 1.1 rb_libtorrent.spec, 1.7, 1.8

Peter Gordon (pgordon) fedora-extras-commits at redhat.com
Tue Jan 29 07:40:31 UTC 2008


Author: pgordon

Update of /cvs/pkgs/rpms/rb_libtorrent/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12467

Modified Files:
	rb_libtorrent.spec 
Added Files:
	rb_libtorrent-svn1968-bdecode_recursive-security-fix.patch 
Log Message:
Add upstream patch to fix potential stack overflow in bdecode_recursive routine.

rb_libtorrent-svn1968-bdecode_recursive-security-fix.patch:

--- NEW FILE rb_libtorrent-svn1968-bdecode_recursive-security-fix.patch ---
--- /branches/RC_0_12/include/libtorrent/bencode.hpp (revision 727)
+++ /branches/RC_0_12/include/libtorrent/bencode.hpp (revision 1968)
@@ -201,6 +201,7 @@
 
 		template<class InIt>
-		void bdecode_recursive(InIt& in, InIt end, entry& ret)
-		{
+		void bdecode_recursive(InIt& in, InIt end, entry& ret, int depth)
+		{
+			if (depth >= 100) throw invalid_encoding();
 			if (in == end) throw invalid_encoding();
 			switch (*in)
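Review bot: The limit in the added guard `if (depth >= 100) throw invalid_encoding();` is an unnamed magic number, and nothing says it exists to bound recursion on untrusted bencoded input. A named constant would make the policy visible and tunable, for example `const int max_bdecode_depth = 100;` beside the function and `if (depth >= max_bdecode_depth) throw invalid_encoding();` in the guard, with a one-line comment that the cap prevents stack exhaustion from deeply nested lists and dictionaries. The new `depth` parameter has no default value, so any caller of `detail::bdecode_recursive` not updated by this patch fails to compile instead of silently running unbounded, which is the safer outcome. The function body continues outside this hunk.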
@@ -229,5 +230,5 @@
 					ret.list().push_back(entry());
 					entry& e = ret.list().back();
-					bdecode_recursive(in, end, e);
+					bdecode_recursive(in, end, e, depth + 1);
 					if (in == end) throw invalid_encoding();
 				}
@@ -245,7 +246,7 @@
 				{
 					entry key;
-					bdecode_recursive(in, end, key);
+					bdecode_recursive(in, end, key, depth + 1);
 					entry& e = ret[key.string()];
-					bdecode_recursive(in, end, e);
+					bdecode_recursive(in, end, e, depth + 1);
 					if (in == end) throw invalid_encoding();
 				}
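Review bot: The dictionary key is still read through the general decoder, `bdecode_recursive(in, end, key, depth + 1)`, so a key can be a nested list or dictionary that is parsed and allocated in full before `key.string()` is reached. The depth cap now bounds the stack cost of that, but bencoded dictionary keys are byte strings, and a check before the call such as `if (!isdigit((unsigned char)*in)) throw invalid_encoding();` would reject a non-string key without building it. How `key.string()` behaves on a non-string entry is not visible here, so it should be confirmed that it throws and does not return an empty or stale string. The enclosing loop starts and ends outside this hunk.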
@@ -286,5 +287,5 @@
 		{
 			entry e;
-			detail::bdecode_recursive(start, end, e);
+			detail::bdecode_recursive(start, end, e, 0);
 			return e;
 		}
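Review bot: `bdecode` carries no comment saying that input nested past the depth limit is now rejected with `invalid_encoding`, which is a behaviour change for every caller that decodes peer- or tracker-supplied data. A line above the function such as `// throws invalid_encoding on malformed input or when nesting reaches the depth limit (100)` would record the contract. The function's signature lies outside this hunk.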


Index: rb_libtorrent.spec
===================================================================
RCS file: /cvs/pkgs/rpms/rb_libtorrent/devel/rb_libtorrent.spec,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- rb_libtorrent.spec	3 Aug 2007 19:11:33 -0000	1.7
+++ rb_libtorrent.spec	29 Jan 2008 07:39:53 -0000	1.8
@@ -1,6 +1,6 @@
 Name:		rb_libtorrent
 Version:	0.12
-Release:	2%{?dist}
+Release:	3%{?dist}
 Summary:	A C++ BitTorrent library aiming to be the best alternative
 
 Group:		System Environment/Libraries
@@ -12,6 +12,8 @@
 Source2:	%{name}-COPYING.Boost
 Source3:	%{name}-COPYING.zlib
 
+Patch0: 	%{name}-svn1968-bdecode_recursive-security-fix.patch
+
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:	boost-devel
@@ -80,6 +82,9 @@
 ## Fix the installed pkgconfig file: we don't need linkage that the
 ## libtorrent DSO already ensures. 
 sed -i -e 's/^Libs:.*$/Libs: -L${libdir} -ltorrent/' libtorrent.pc.in 
+## SECURITY: Fix potential stack overflow in bencode_recursive with
+## malformed messages. 
+%patch0 -p3 -b .bdecode_recursive-security-fix 
 
 
 %build
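Review bot: The added comment names `bencode_recursive`, but the routine the patch changes is `bdecode_recursive` (as the patch file name and changelog entry both say), so a search of the spec for the function name misses this line. Suggested wording for the two comment lines: `## SECURITY: Fix potential stack overflow in bdecode_recursive with` followed by `## deeply nested (malformed) bencoded messages.`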
@@ -142,6 +147,12 @@
 
 
 %changelog
+* Mon Jan 28 2008 Peter Gordon <peter at thecodergeek.com> - 0.12-3
+- Add upstream patch (changeset 1968) to fix potential security vulnerability:
+  malformed messages passed through the bdecode_recursive routine could cause
+  a potential stack overflow.
+  + svn1968-bdecode_recursive-security-fix.patch
+
 * Fri Aug 03 2007 Peter Gordon <peter at thecodergeek.com> - 0.12-2
 - Rebuild against new Boost libraries.
 



