224664 – net-p2p/libtorrent: Fix remote DoS

Bug 224664 - net-p2p/libtorrent: Fix remote DoS

Summary: net-p2p/libtorrent: Fix remote DoS

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	amd64 Any

Importance:	--- Affects Many People
Assignee:	Danilo G. Baio

URL:	https://github.com/rakshasa/libtorren...
Keywords:	patch

Depends on:
Blocks:

Reported:	2017-12-29 02:39 UTC by Henry
Modified:	2018-02-10 23:17 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (pipfstarrd) dbaio: merge-quarterly+

Attachments
patch (3.03 KB, patch) 2017-12-29 02:39 UTC, Henry	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Henry 2017-12-29 02:39:01 UTC

Attached is a patch that has been committed upstream to head: https://github.com/rakshasa/libtorrent/pull/99/files

Tested and stable on 11.1-RELEASE-p1 / amd64 for a month, eliminates frequent crashes.

Comment 1 Henry 2017-12-29 02:39:44 UTC

Created attachment 189192 [details]
patch

Comment 2 commit-hook freebsd_committer

2018-02-10 21:46:09 UTC

A commit references this bug:

Author: dbaio
Date: Sat Feb 10 21:45:06 UTC 2018
New revision: 461436
URL: https://svnweb.freebsd.org/changeset/ports/461436

Log:
  security/vuxml: Document vulnerability in net-p2p/libtorrent

  PR:		224664
  Reported by:	Henry David Bartholomew <PopularMoment@protonmail.com>

Changes:
  head/security/vuxml/vuln.xml

Comment 3 commit-hook freebsd_committer

2018-02-10 21:53:17 UTC

A commit references this bug:

Author: dbaio
Date: Sat Feb 10 21:52:46 UTC 2018
New revision: 461437
URL: https://svnweb.freebsd.org/changeset/ports/461437

Log:
  net-p2p/libtorrent: Fix remote DoS

  Calls into build_benocde that use %zu could crash on 64 bit machines
  due to the size change of size_t.
  Someone can force READ_ENC_IA to fail allowing an internal_error to
  be thrown and bring down the client, throw handshake_error instead.

  PR:		224664
  Submitted by:	Henry David Bartholomew <PopularMoment@protonmail.com>
  Approved by:	maintainer timeout (pipfstarrd@openmailbox.org, > 2 weeks)
  MFH:		2018Q1
  Security:	e4dd787e-0ea9-11e8-95f2-005056925db4

Changes:
  head/net-p2p/libtorrent/Makefile
  head/net-p2p/libtorrent/distinfo
  head/net-p2p/libtorrent/files/patch-fix-build-bencoders-callers-crash

Comment 4 Danilo G. Baio freebsd_committer

2018-02-10 21:59:50 UTC

Committed, thanks!

I'll leave this PR open, waiting approval for merging this patch into 2018Q1 branch.

Comment 5 Eitan Adler freebsd_committer

2018-02-10 23:04:36 UTC

Approved for merge

Comment 6 commit-hook freebsd_committer

2018-02-10 23:16:34 UTC

A commit references this bug:

Author: dbaio
Date: Sat Feb 10 23:15:47 UTC 2018
New revision: 461450
URL: https://svnweb.freebsd.org/changeset/ports/461450

Log:
  MFH: r461437

  net-p2p/libtorrent: Fix remote DoS

  Calls into build_benocde that use %zu could crash on 64 bit machines
  due to the size change of size_t.
  Someone can force READ_ENC_IA to fail allowing an internal_error to
  be thrown and bring down the client, throw handshake_error instead.

  PR:		224664
  Submitted by:	Henry David Bartholomew <PopularMoment@protonmail.com>
  Approved by:	maintainer timeout (pipfstarrd@openmailbox.org, > 2 weeks)
  Security:	e4dd787e-0ea9-11e8-95f2-005056925db4

  Approved by:	ports-secteam (eadler)

Changes:
_U  branches/2018Q1/
  branches/2018Q1/net-p2p/libtorrent/Makefile
  branches/2018Q1/net-p2p/libtorrent/distinfo
  branches/2018Q1/net-p2p/libtorrent/files/patch-fix-build-bencoders-callers-crash

Comment 7 Danilo G. Baio freebsd_committer

2018-02-10 23:17:23 UTC

(In reply to Eitan Adler from comment #5)

Thanks!