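--- a/src/torrent_info.cpp
+++ b/src/torrent_info.cpp
@@ -39,6 +39,7 @@ POSSIBILITY OF SUCH DAMAGE.
 #include <iterator>
 #include <algorithm>
 #include <set>
+#include <string>
 
 #ifdef _MSC_VER
 #pragma warning(push, 1)
@@ -74,6 +75,29 @@ namespace
 		str += 0x80 | (chr & 0x3f);
 	}
 
+	bool valid_path_element(std::string const& element)
+	{
+		if (element.empty()
+			|| element == "." || element == ".."
+			|| element[0] == '/' || element[0] == '\\'
+			|| element[element.size()-1] == ':')
+			return false;
+		return true;
+	}
+
+	fs::path sanitize_path(fs::path const& p)
+	{
+		fs::path new_path;
+		for (fs::path::const_iterator i = p.begin(); i != p.end(); ++i)
+		{
+			if (!valid_path_element(*i)) continue;
+			std::string pe = *i;
+			new_path /= pe;
+		}
+		TORRENT_ASSERT(!new_path.is_complete());
+		return new_path;
+	}
+
 	void verify_encoding(file_entry& target)
 	{
 		std::string tmp_path;
@@ -184,9 +208,9 @@ namespace
 		for (entry::list_type::const_iterator i = list->begin();
 			i != list->end(); ++i)
 		{
-			if (i->string() != "..")
+			target.path /= i->string();
-				target.path /= i->string();
 		}
+		target.path = sanitize_path(target.path);
 		verify_encoding(target);
 		if (target.path.is_complete()) throw std::runtime_error("torrent contains "
 			"a file with an absolute path: '"
@@ -349,23 +373,8 @@ namespace libtorrent
 		else
 		{ m_name = info["name"].string(); }
 		
-		fs::path tmp = m_name;
+		m_name = sanitize_path(m_name).string();
-  		if (tmp.is_complete())
+		if (!valid_path_element(m_name))
-  		{
- 			m_name = tmp.leaf();
-  		}
- 		else if (tmp.has_branch_path())
-  		{
- 			fs::path p;
- 			for (fs::path::iterator i = tmp.begin()
- 				, end(tmp.end()); i != end; ++i)
- 			{
- 				if (*i == "." || *i == "..") continue;
- 				p /= *i;
- 			}
- 			m_name = p.string();
- 		}
- 		if (m_name == ".." || m_name == ".")
  			throw std::runtime_error("invalid 'name' of torrent (possible exploit attempt)");
 	
 		// extract file list
-- 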
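Review bot: In the file-list hunk (new lines 208-216) the result of `sanitize_path(target.path)` is not checked for being empty, although `sanitize_path` silently skips every element that `valid_path_element` rejects, so an entry whose components are all `.` or `..` can leave `target.path` empty. The `name` hunk does reject that case, because `valid_path_element(m_name)` returns false for an empty string. Adding `if (target.path.empty()) throw std::runtime_error("torrent contains a file with an empty path");` right after the `sanitize_path` call would make the two call sites consistent. Because elements are dropped rather than the entry being rejected, two distinct entries can also collapse to the same relative path, which deserves a comment on `sanitize_path`. The enclosing function starts and ends outside the hunk, so a later check may already cover part of this.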
