rpms/rb_libtorrent/F-10 rb_libtorrent-0.13-CVE-2009-1760.diff, NONE, 1.1 rb_libtorrent.spec, 1.15, 1.16
Peter Gordon
pgordon at fedoraproject.org
Sun Jun 14 20:25:44 UTC 2009
Author: pgordon
Update of /cvs/pkgs/rpms/rb_libtorrent/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3968
Modified Files:
rb_libtorrent.spec
Added Files:
rb_libtorrent-0.13-CVE-2009-1760.diff
Log Message:
Apply upstream patch for CVE-2009-1760 (#505523)
rb_libtorrent-0.13-CVE-2009-1760.diff:
--- NEW FILE rb_libtorrent-0.13-CVE-2009-1760.diff ---
diff -U0 ./ChangeLog.old ./ChangeLog
--- ./ChangeLog.old 2009-06-14 12:18:03.058662151 -0700
+++ ./ChangeLog 2009-06-14 12:18:37.577661439 -0700
@@ -2,0 +3 @@
+ * fixed torrent file path vulnerability
diff -up ./include/libtorrent/socket.hpp.old ./include/libtorrent/socket.hpp
diff -up ./src/torrent_info.cpp.old ./src/torrent_info.cpp
--- ./src/torrent_info.cpp.old 2009-06-14 12:18:10.271661693 -0700
+++ ./src/torrent_info.cpp 2009-06-14 12:21:17.023536095 -0700
@@ -31,7 +31,6 @@ POSSIBILITY OF SUCH DAMAGE.
*/
#include "libtorrent/pch.hpp"
-
#include <ctime>
#include <iostream>
#include <fstream>
@@ -39,6 +38,7 @@ POSSIBILITY OF SUCH DAMAGE.
#include <iterator>
#include <algorithm>
#include <set>
+#include <string>
#ifdef _MSC_VER
#pragma warning(push, 1)
@@ -74,6 +74,29 @@ namespace
str += 0x80 | (chr & 0x3f);
}
+ bool valid_path_element(std::string const& element)
+ {
+ if (element.empty()
+ || element == "." || element == ".."
+ || element[0] == '/' || element[0] == '\\'
+ || element[element.size()-1] == ':')
+ return false;
+ return true;
+ }
+
+ fs::path sanitize_path(fs::path const& p)
+ {
+ fs::path new_path;
+ for (fs::path::const_iterator i = p.begin(); i != p.end(); ++i)
+ {
+ if (!valid_path_element(*i)) continue;
+ std::string pe = *i;
+ new_path /= pe;
+ }
+ TORRENT_ASSERT(!new_path.is_complete());
+ return new_path;
+ }
+
void verify_encoding(file_entry& target)
{
std::string tmp_path;
@@ -184,9 +230,9 @@ namespace
for (entry::list_type::const_iterator i = list->begin();
i != list->end(); ++i)
{
- if (i->string() != "..")
- target.path /= i->string();
+ target.path /= i->string();
}
+ target.path = sanitize_path(target.path);
verify_encoding(target);
if (target.path.is_complete()) throw std::runtime_error("torrent contains "
"a file with an absolute path: '"
@@ -349,24 +395,9 @@ namespace libtorrent
else
{ m_name = info["name"].string(); }
- fs::path tmp = m_name;
- if (tmp.is_complete())
- {
- m_name = tmp.leaf();
- }
- else if (tmp.has_branch_path())
- {
- fs::path p;
- for (fs::path::iterator i = tmp.begin()
- , end(tmp.end()); i != end; ++i)
- {
- if (*i == "." || *i == "..") continue;
- p /= *i;
- }
- m_name = p.string();
- }
- if (m_name == ".." || m_name == ".")
- throw std::runtime_error("invalid 'name' of torrent (possible exploit attempt)");
+ m_name = sanitize_path(m_name).string();
+ if (!valid_path_element(m_name))
+ throw std::runtime_error("invalid 'name' of torrent (possible exploit attempt)");
// extract file list
entry const* i = info.find_key("files");
Index: rb_libtorrent.spec
===================================================================
RCS file: /cvs/pkgs/rpms/rb_libtorrent/F-10/rb_libtorrent.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -p -r1.15 -r1.16
--- rb_libtorrent.spec 6 Jan 2009 02:06:43 -0000 1.15
+++ rb_libtorrent.spec 14 Jun 2009 20:25:13 -0000 1.16
@@ -3,7 +3,7 @@
Name: rb_libtorrent
Version: 0.13.1
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: A C++ BitTorrent library aiming to be the best alternative
Group: System Environment/Libraries
@@ -20,6 +20,8 @@ Source3: %{name}-COPYING.zlib
## Message-Id: <1216701448.24546.11.camel at tuxhugs>
Source4: %{name}-python-setup.py
+Patch0: %{name}-0.13-CVE-2009-1760.diff
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: asio-devel
@@ -91,6 +93,7 @@ module) that allow it to be used from wi
%prep
%setup -q -n "libtorrent-rasterbar-%{version}"
+%patch0 -b .CVE-2009-1760
## The RST files are the sources used to create the final HTML files; and are
## not needed.
rm -f docs/*.rst
@@ -187,6 +190,12 @@ rm -rf %{buildroot}
%changelog
+* Sun Jun 14 2009 Peter Gordon <peter at thecodergeek.com> - 0.13.1-5
+- Apply upstream patch to fix CVE-2009-1760 (arbitrary file overwrite
+ vulnerability):
+ + 0.13-CVE-2009-1760.diff
+- Fixes security bug #505523.
+
* Mon Jan 05 2009 Peter Gordon <peter at thecodergeek.com> - 0.13.1-4
- Add asio-devel as runtime dependency for the devel subpackage (#478589)
More information about the fedora-extras-commits
mailing list