svn commit: r461450 - in branches/2018Q1/net-p2p/libtorrent: . files
Danilo G. Baio
dbaio at FreeBSD.org
Sat Feb 10 23:15:48 UTC 2018
Author: dbaio
Date: Sat Feb 10 23:15:47 2018
New Revision: 461450
URL: https://svnweb.freebsd.org/changeset/ports/461450
Log:
MFH: r461437
net-p2p/libtorrent: Fix remote DoS
Calls into build_bencode that use %zu could crash on 64 bit machines
due to the size change of size_t.
Someone can force READ_ENC_IA to fail allowing an internal_error to
be thrown and bring down the client, throw handshake_error instead.
PR: 224664
Submitted by: Henry David Bartholomew <PopularMoment at protonmail.com>
Approved by: maintainer timeout (pipfstarrd at openmailbox.org, > 2 weeks)
Security: e4dd787e-0ea9-11e8-95f2-005056925db4
Approved by: ports-secteam (eadler)
Added:
branches/2018Q1/net-p2p/libtorrent/files/patch-fix-build-bencoders-callers-crash
- copied unchanged from r461437, head/net-p2p/libtorrent/files/patch-fix-build-bencoders-callers-crash
Modified:
branches/2018Q1/net-p2p/libtorrent/Makefile
branches/2018Q1/net-p2p/libtorrent/distinfo
Directory Properties:
branches/2018Q1/ (props changed)
Modified: branches/2018Q1/net-p2p/libtorrent/Makefile
==============================================================================
--- branches/2018Q1/net-p2p/libtorrent/Makefile Sat Feb 10 23:01:37 2018 (r461449)
+++ branches/2018Q1/net-p2p/libtorrent/Makefile Sat Feb 10 23:15:47 2018 (r461450)
@@ -2,7 +2,7 @@
PORTNAME= libtorrent
PORTVERSION= 0.13.6
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= net-p2p
MASTER_SITES= http://rtorrent.net/downloads/
Modified: branches/2018Q1/net-p2p/libtorrent/distinfo
==============================================================================
--- branches/2018Q1/net-p2p/libtorrent/distinfo Sat Feb 10 23:01:37 2018 (r461449)
+++ branches/2018Q1/net-p2p/libtorrent/distinfo Sat Feb 10 23:15:47 2018 (r461450)
@@ -1,2 +1,3 @@
+TIMESTAMP = 1518295243
SHA256 (libtorrent-0.13.6.tar.gz) = 2838a08c96edfd936aff8fbf99ecbb930c2bfca3337dd1482eb5fccdb80d5a04
SIZE (libtorrent-0.13.6.tar.gz) = 781253
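Review bot: the added TIMESTAMP line is the only change to distinfo, with the SHA256 and SIZE entries for libtorrent-0.13.6.tar.gz untouched, and the log does not mention it. Either note in the log that distinfo was regenerated, or leave the file out of the merge so the change stays limited to the new patch file and the PORTREVISION bump.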
Copied: branches/2018Q1/net-p2p/libtorrent/files/patch-fix-build-bencoders-callers-crash (from r461437, head/net-p2p/libtorrent/files/patch-fix-build-bencoders-callers-crash)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2018Q1/net-p2p/libtorrent/files/patch-fix-build-bencoders-callers-crash Sat Feb 10 23:15:47 2018 (r461450, copy of r461437, head/net-p2p/libtorrent/files/patch-fix-build-bencoders-callers-crash)
@@ -0,0 +1,45 @@
+# https://github.com/rakshasa/libtorrent/pull/99/files
+
+--- src/protocol/extensions.cc.orig 2015-08-08 17:01:32.000000000 +0200
++++ src/protocol/extensions.cc 2017-12-02 01:46:38.522736000 +0100
+@@ -394,7 +394,7 @@
+ if (m_download->info()->is_meta_download() || piece >= pieceEnd) {
+ // reject: { "msg_type" => 2, "piece" => ... }
+ m_pendingType = UT_METADATA;
+- m_pending = build_bencode(40, "d8:msg_typei2e5:piecei%zuee", piece);
++ m_pending = build_bencode(sizeof(size_t) + 36, "d8:msg_typei2e5:piecei%zuee", piece);
+ return;
+ }
+
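Review bot: in the reject branch, `sizeof(size_t) + 36` sizes the buffer by the byte width of the type rather than by the number of decimal digits `%zu` can print. The fixed text of "d8:msg_typei2e5:piecei%zuee" is 24 characters and a 64-bit size_t prints up to 20 digits, so the worst case is 44 characters, which is exactly what this expression yields on a 64-bit machine, with no room left if build_bencode needs a terminator. Since `piece` comes from the peer's message, size for the worst case explicitly, for example from std::numeric_limits<size_t>::digits10 + 1 plus the literal length plus one, and put that in a named constant with a comment.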
+@@ -407,7 +407,7 @@
+ // data: { "msg_type" => 1, "piece" => ..., "total_size" => ... } followed by piece data (outside of dictionary)
+ size_t length = piece == pieceEnd - 1 ? m_download->info()->metadata_size() % metadata_piece_size : metadata_piece_size;
+ m_pendingType = UT_METADATA;
+- m_pending = build_bencode(length + 128, "d8:msg_typei1e5:piecei%zue10:total_sizei%zuee", piece, metadataSize);
++ m_pending = build_bencode((2 * sizeof(size_t)) + length + 120, "d8:msg_typei1e5:piecei%zue10:total_sizei%zuee", piece, metadataSize);
+
+ memcpy(m_pending.end(), buffer + (piece << metadata_piece_shift), length);
+ m_pending.set(m_pending.data(), m_pending.end() + length, m_pending.owned());
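Review bot: the constant 120 in `(2 * sizeof(size_t)) + length + 120` is unexplained, and the memcpy to `m_pending.end()` two lines later depends on this first argument leaving at least `length` bytes free after the formatted header. The fixed text of the format string is 39 characters plus two `%zu` fields, so the bound holds, but a comment stating how the headroom is derived (or a helper that computes header size and payload size separately) would keep the next edit of the format string from silently shrinking it. Separately, the unchanged `length` line yields 0 for the last piece when metadata_size() is an exact multiple of metadata_piece_size, which looks worth checking while this code is being touched.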
+--- src/protocol/handshake.cc.orig 2015-08-08 17:01:49.000000000 +0200
++++ src/protocol/handshake.cc 2017-12-02 01:46:38.523093000 +0100
+@@ -738,7 +738,7 @@
+ break;
+
+ if (m_readBuffer.remaining() > m_encryption.length_ia())
+- throw internal_error("Read past initial payload after incoming encrypted handshake.");
++ throw handshake_error(ConnectionManager::handshake_failed, e_handshake_invalid_value);
+
+ if (m_encryption.crypto() != HandshakeEncryption::crypto_rc4)
+ m_encryption.info()->set_obfuscated();
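Review bot: at the `m_readBuffer.remaining() > m_encryption.length_ia()` check, the replacement throw drops the only text that described the condition ("Read past initial payload after incoming encrypted handshake."). Add a short comment above the check saying that the peer controls this value, so the failure has to be a handshake_error that drops the connection rather than an internal_error that brings down the client; that keeps the reason visible in the source and makes it less likely that someone restores the old exception type.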
+--- src/torrent/object_stream.cc.orig 2015-08-08 17:01:32.000000000 +0200
++++ src/torrent/object_stream.cc 2017-12-02 01:46:38.523350000 +0100
+@@ -104,7 +104,8 @@
+ while (first != last && *first >= '0' && *first <= '9')
+ length = length * 10 + (*first++ - '0');
+
+- if (length + 1 > (unsigned int)std::distance(first, last) || *first++ != ':')
++ if (length + 1 > (unsigned int)std::distance(first, last) || *first++ != ':'
++ || length + 1 == 0)
+ throw torrent::bencode_error("Invalid bencode data.");
+
+ return raw_string(first, length);
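Review bot: the new `length + 1 == 0` test is the last operand of the `||` chain, so it is evaluated only after `*first++ != ':'` has already run. When `length + 1` wraps to 0, the first comparison `length + 1 > (unsigned int)std::distance(first, last)` is false even if `first == last`, and `*first` is then dereferenced before the wrap check is reached. Move the wrap check to the front of the condition. The digit loop above (`length = length * 10 + (*first++ - '0')`) can also wrap to values other than the maximum, which this test does not catch, so bounding the number of digits or checking for overflow inside the loop would close the rest of that gap.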