rpms/rb_libtorrent/F-8 rb_libtorrent-svn1968-bdecode_recursive-security-fix.patch, NONE, 1.1 rb_libtorrent.spec, 1.7, 1.8
Peter Gordon (pgordon)
fedora-extras-commits at redhat.com
Tue Jan 29 08:05:52 UTC 2008
- Previous message (by thread): rpms/rb_libtorrent/devel rb_libtorrent.spec,1.8,1.9
- Next message (by thread): rpms/file/devel file-4.23-ELF.patch, NONE, 1.1 file-4.23-fsdump.patch, NONE, 1.1 file-4.23-msoffice.patch, NONE, 1.1 .cvsignore, 1.19, 1.20 file.spec, 1.66, 1.67 sources, 1.19, 1.20 file-4.13-fsdump.patch, 1.1, NONE file-4.17-bash.patch, 1.2, NONE file-4.17-powerpoint.patch, 1.1, NONE file-4.19-ELF.patch, 1.1, NONE file-4.20-unused.patch, 1.1, NONE file-4.21-core_from.patch, 1.1, NONE file-4.21-msoffice.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: pgordon
Update of /cvs/pkgs/rpms/rb_libtorrent/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20217/F-8
Modified Files:
rb_libtorrent.spec
Added Files:
rb_libtorrent-svn1968-bdecode_recursive-security-fix.patch
Log Message:
Add upstream patch to fix potential stack overflow in bdecode_recursive routine.
rb_libtorrent-svn1968-bdecode_recursive-security-fix.patch:
--- NEW FILE rb_libtorrent-svn1968-bdecode_recursive-security-fix.patch ---
--- /branches/RC_0_12/include/libtorrent/bencode.hpp (revision 727)
+++ /branches/RC_0_12/include/libtorrent/bencode.hpp (revision 1968)
@@ -201,6 +201,7 @@
template<class InIt>
- void bdecode_recursive(InIt& in, InIt end, entry& ret)
- {
+ void bdecode_recursive(InIt& in, InIt end, entry& ret, int depth)
+ {
+ if (depth >= 100) throw invalid_encoding();
if (in == end) throw invalid_encoding();
switch (*in)
@@ -229,5 +230,5 @@
ret.list().push_back(entry());
entry& e = ret.list().back();
- bdecode_recursive(in, end, e);
+ bdecode_recursive(in, end, e, depth + 1);
if (in == end) throw invalid_encoding();
}
@@ -245,7 +246,7 @@
{
entry key;
- bdecode_recursive(in, end, key);
+ bdecode_recursive(in, end, key, depth + 1);
entry& e = ret[key.string()];
- bdecode_recursive(in, end, e);
+ bdecode_recursive(in, end, e, depth + 1);
if (in == end) throw invalid_encoding();
}
@@ -286,5 +287,5 @@
{
entry e;
- detail::bdecode_recursive(start, end, e);
+ detail::bdecode_recursive(start, end, e, 0);
return e;
}
Index: rb_libtorrent.spec
===================================================================
RCS file: /cvs/pkgs/rpms/rb_libtorrent/F-8/rb_libtorrent.spec,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- rb_libtorrent.spec 3 Aug 2007 19:11:33 -0000 1.7
+++ rb_libtorrent.spec 29 Jan 2008 08:05:17 -0000 1.8
@@ -1,6 +1,6 @@
Name: rb_libtorrent
Version: 0.12
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: A C++ BitTorrent library aiming to be the best alternative
Group: System Environment/Libraries
@@ -12,11 +12,15 @@
Source2: %{name}-COPYING.Boost
Source3: %{name}-COPYING.zlib
+Patch0: %{name}-svn1968-bdecode_recursive-security-fix.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: boost-devel
BuildRequires: zlib-devel
BuildRequires: libtool
+## Necessary for 'rename'...
+BuildRequires: util-linux-ng
## The following is taken from it's website listing...mostly.
%description
@@ -80,6 +84,9 @@
## Fix the installed pkgconfig file: we don't need linkage that the
## libtorrent DSO already ensures.
sed -i -e 's/^Libs:.*$/Libs: -L${libdir} -ltorrent/' libtorrent.pc.in
+## SECURITY: Fix potential stack overflow in bencode_recursive with
+## malformed messages.
+%patch0 -p3 -b .bdecode_recursive-security-fix
%build
@@ -142,6 +149,12 @@
%changelog
+* Mon Jan 28 2008 Peter Gordon <peter at thecodergeek.com> - 0.12-3
+- Add upstream patch (changeset 1968) to fix potential security vulnerability:
+ malformed messages passed through the bdecode_recursive routine could cause
+ a potential stack overflow.
+ + svn1968-bdecode_recursive-security-fix.patch
+
* Fri Aug 03 2007 Peter Gordon <peter at thecodergeek.com> - 0.12-2
- Rebuild against new Boost libraries.
- Previous message (by thread): rpms/rb_libtorrent/devel rb_libtorrent.spec,1.8,1.9
- Next message (by thread): rpms/file/devel file-4.23-ELF.patch, NONE, 1.1 file-4.23-fsdump.patch, NONE, 1.1 file-4.23-msoffice.patch, NONE, 1.1 .cvsignore, 1.19, 1.20 file.spec, 1.66, 1.67 sources, 1.19, 1.20 file-4.13-fsdump.patch, 1.1, NONE file-4.17-bash.patch, 1.2, NONE file-4.17-powerpoint.patch, 1.1, NONE file-4.19-ELF.patch, 1.1, NONE file-4.20-unused.patch, 1.1, NONE file-4.21-core_from.patch, 1.1, NONE file-4.21-msoffice.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list