Bug 224664 - net-p2p/libtorrent: Fix remote DoS
Summary: net-p2p/libtorrent: Fix remote DoS
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Many People
Assignee: Danilo G. Baio
URL: https://github.com/rakshasa/libtorren...
Keywords: patch
Depends on:
Blocks:
 
Reported: 2017-12-29 02:39 UTC by Henry David Bartholomew
Modified: 2018-02-10 23:17 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (pipfstarrd)
dbaio: merge-quarterly+


Attachments
patch (3.03 KB, patch)
2017-12-29 02:39 UTC, Henry David Bartholomew
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Henry David Bartholomew 2017-12-29 02:39:01 UTC
Attached is a patch that has been committed upstream to head: https://github.com/rakshasa/libtorrent/pull/99/files

Tested and stable on 11.1-RELEASE-p1 / amd64 for a month, eliminates frequent crashes.
Comment 1 Henry David Bartholomew 2017-12-29 02:39:44 UTC
Created attachment 189192 [details]
patch
Comment 2 commit-hook freebsd_committer 2018-02-10 21:46:09 UTC
A commit references this bug:

Author: dbaio
Date: Sat Feb 10 21:45:06 UTC 2018
New revision: 461436
URL: https://svnweb.freebsd.org/changeset/ports/461436

Log:
  security/vuxml: Document vulnerability in net-p2p/libtorrent

  PR:		224664
  Reported by:	Henry David Bartholomew <PopularMoment@protonmail.com>

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer 2018-02-10 21:53:17 UTC
A commit references this bug:

Author: dbaio
Date: Sat Feb 10 21:52:46 UTC 2018
New revision: 461437
URL: https://svnweb.freebsd.org/changeset/ports/461437

Log:
  net-p2p/libtorrent: Fix remote DoS

  Calls into build_benocde that use %zu could crash on 64 bit machines
  due to the size change of size_t.
  Someone can force READ_ENC_IA to fail allowing an internal_error to
  be thrown and bring down the client, throw handshake_error instead.

  PR:		224664
  Submitted by:	Henry David Bartholomew <PopularMoment@protonmail.com>
  Approved by:	maintainer timeout (pipfstarrd@openmailbox.org, > 2 weeks)
  MFH:		2018Q1
  Security:	e4dd787e-0ea9-11e8-95f2-005056925db4

Changes:
  head/net-p2p/libtorrent/Makefile
  head/net-p2p/libtorrent/distinfo
  head/net-p2p/libtorrent/files/patch-fix-build-bencoders-callers-crash
Comment 4 Danilo G. Baio freebsd_committer 2018-02-10 21:59:50 UTC
Committed, thanks!

I'll leave this PR open, waiting approval for merging this patch into 2018Q1 branch.
Comment 5 Eitan Adler freebsd_committer freebsd_triage 2018-02-10 23:04:36 UTC
Approved for merge
Comment 6 commit-hook freebsd_committer 2018-02-10 23:16:34 UTC
A commit references this bug:

Author: dbaio
Date: Sat Feb 10 23:15:47 UTC 2018
New revision: 461450
URL: https://svnweb.freebsd.org/changeset/ports/461450

Log:
  MFH: r461437

  net-p2p/libtorrent: Fix remote DoS

  Calls into build_benocde that use %zu could crash on 64 bit machines
  due to the size change of size_t.
  Someone can force READ_ENC_IA to fail allowing an internal_error to
  be thrown and bring down the client, throw handshake_error instead.

  PR:		224664
  Submitted by:	Henry David Bartholomew <PopularMoment@protonmail.com>
  Approved by:	maintainer timeout (pipfstarrd@openmailbox.org, > 2 weeks)
  Security:	e4dd787e-0ea9-11e8-95f2-005056925db4

  Approved by:	ports-secteam (eadler)

Changes:
_U  branches/2018Q1/
  branches/2018Q1/net-p2p/libtorrent/Makefile
  branches/2018Q1/net-p2p/libtorrent/distinfo
  branches/2018Q1/net-p2p/libtorrent/files/patch-fix-build-bencoders-callers-crash
Comment 7 Danilo G. Baio freebsd_committer 2018-02-10 23:17:23 UTC
(In reply to Eitan Adler from comment #5)

Thanks!