Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-CVE-2009-1760.patch
diff options
context:
space:
mode:
Diffstat (limited to 'net-libs/rb_libtorrent/files/rb_libtorrent-0.13-CVE-2009-1760.patch')
-rw-r--r--net-libs/rb_libtorrent/files/rb_libtorrent-0.13-CVE-2009-1760.patch92
1 files changed, 92 insertions, 0 deletions
diff --git a/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-CVE-2009-1760.patch b/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-CVE-2009-1760.patch
new file mode 100644
index 000000000000..d91e20689bd3
--- /dev/null
+++ b/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-CVE-2009-1760.patch
@@ -0,0 +1,92 @@
+From 160ea4fe2beb1d433c96fc432772fd0122421c95 Mon Sep 17 00:00:00 2001
+From: Robert Buchholz <rbu@gentoo.org>
+Date: Mon, 8 Jun 2009 12:04:41 +0200
+Subject: [PATCH] backport CVE-2009-1760 fix from r3621
+
+---
+ src/torrent_info.cpp | 47 ++++++++++++++++++++++++++++-------------------
+ 1 files changed, 28 insertions(+), 19 deletions(-)
+
+diff --git a/src/torrent_info.cpp b/src/torrent_info.cpp
+index 57c8a97..fc6d284 100755
+--- a/src/torrent_info.cpp
++++ b/src/torrent_info.cpp
+@@ -39,6 +39,7 @@ POSSIBILITY OF SUCH DAMAGE.
+ #include <iterator>
+ #include <algorithm>
+ #include <set>
++#include <string>
+
+ #ifdef _MSC_VER
+ #pragma warning(push, 1)
+@@ -74,6 +75,29 @@ namespace
+ str += 0x80 | (chr & 0x3f);
+ }
+
++ bool valid_path_element(std::string const& element)
++ {
++ if (element.empty()
++ || element == "." || element == ".."
++ || element[0] == '/' || element[0] == '\\'
++ || element[element.size()-1] == ':')
++ return false;
++ return true;
++ }
++
++ fs::path sanitize_path(fs::path const& p)
++ {
++ fs::path new_path;
++ for (fs::path::const_iterator i = p.begin(); i != p.end(); ++i)
++ {
++ if (!valid_path_element(*i)) continue;
++ std::string pe = *i;
++ new_path /= pe;
++ }
++ TORRENT_ASSERT(!new_path.is_complete());
++ return new_path;
++ }
++
+ void verify_encoding(file_entry& target)
+ {
+ std::string tmp_path;
+@@ -184,9 +208,9 @@ namespace
+ for (entry::list_type::const_iterator i = list->begin();
+ i != list->end(); ++i)
+ {
+- if (i->string() != "..")
+- target.path /= i->string();
++ target.path /= i->string();
+ }
++ target.path = sanitize_path(target.path);
+ verify_encoding(target);
+ if (target.path.is_complete()) throw std::runtime_error("torrent contains "
+ "a file with an absolute path: '"
+@@ -349,23 +373,8 @@ namespace libtorrent
+ else
+ { m_name = info["name"].string(); }
+
+- fs::path tmp = m_name;
+- if (tmp.is_complete())
+- {
+- m_name = tmp.leaf();
+- }
+- else if (tmp.has_branch_path())
+- {
+- fs::path p;
+- for (fs::path::iterator i = tmp.begin()
+- , end(tmp.end()); i != end; ++i)
+- {
+- if (*i == "." || *i == "..") continue;
+- p /= *i;
+- }
+- m_name = p.string();
+- }
+- if (m_name == ".." || m_name == ".")
++ m_name = sanitize_path(m_name).string();
++ if (!valid_path_element(m_name))
+ throw std::runtime_error("invalid 'name' of torrent (possible exploit attempt)");
+
+ // extract file list
+--
+1.6.3.1
+