+++ /dev/null
-#
-# Copyright (C) 2006-2008 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=ctorrent
-PKG_VERSION:=dnh3.3.2
-PKG_RELEASE:=6
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=@SF/dtorrent \
- http://www.rahul.net/dholmes/ctorrent/
-PKG_MD5SUM:=59b23dd05ff70791cd6449effa7fc3b6
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
-
-include $(INCLUDE_DIR)/uclibc++.mk
-include $(INCLUDE_DIR)/package.mk
-
-define Package/ctorrent/Default
- SUBMENU:=BitTorrent
- SECTION:=net
- CATEGORY:=Network
- DEPENDS:=$(CXX_DEPENDS)
- TITLE:=console-based BitTorrent client
- MAINTAINER:=Peter Wagner <tripolar@gmx.at>
- URL:=http://www.rahul.net/dholmes/ctorrent/
-endef
-
-define Package/ctorrent/Default/description
- CTorrent is a BitTorrent client written in the C programming language,
- known to be a very robust and mature programming language, which produces
- fast and optimized application.
-endef
-
-define Package/ctorrent
-$(call Package/ctorrent/Default)
- TITLE+= (with OpenSSL support)
- DEPENDS+=+libopenssl
- VARIANT:=ssl
-endef
-
-define Package/ctorrent/description
-$(call Package/ctorrent/Default/description)
- This package is built with OpenSSL support.
-endef
-
-define Package/ctorrent-nossl
-$(call Package/ctorrent/Default)
- TITLE+= (with builtin SHA-1)
- VARIANT:=nossl
-endef
-
-define Package/ctorrent-nossl/description
-$(call Package/ctorrent/Default/description)
- This package is built with builtin (Steve Reid's public-domain) SHA-1 support
-endef
-
-CONFIGURE_VARS += \
- CXXFLAGS="$$$$CXXFLAGS -fno-rtti"
-
-ifeq ($(BUILD_VARIANT),ssl)
- CONFIGURE_ARGS += \
- --with-ssl="$(STAGING_DIR)/usr"
-endif
-
-ifeq ($(BUILD_VARIANT),nossl)
- CONFIGURE_ARGS += \
- --with-ssl=no
-endif
-
-define Package/ctorrent/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/$(PKG_NAME) $(1)/usr/bin/$(PKG_NAME)
-endef
-
-Package/ctorrent-nossl/install = $(Package/ctorrent/install)
-
-$(eval $(call BuildPackage,ctorrent))
-$(eval $(call BuildPackage,ctorrent-nossl))
+++ /dev/null
-Patch for CVE-2009-1759.
-Source: Upstream SVN, rev 302 from the dtorrent-3 branch.
-
-Index: a/bencode.h
-===================================================================
---- a/bencode.h (revision 300)
-+++ b/bencode.h (revision 302)
-@@ -25,7 +25,7 @@
- size_t decode_list(const char *b,size_t len,const char *keylist);
- size_t decode_rev(const char *b,size_t len,const char *keylist);
- size_t decode_query(const char *b,size_t len,const char *keylist,const char **ps,size_t *pi,int64_t *pl,int method);
--size_t decode_list2path(const char *b, size_t n, char *pathname);
-+size_t decode_list2path(const char *b, size_t n, char *pathname, size_t maxlen);
- size_t bencode_buf(const char *str,size_t len,FILE *fp);
- size_t bencode_str(const char *str, FILE *fp);
- size_t bencode_int(const uint64_t integer, FILE *fp);
-Index: a/bencode.cpp
-===================================================================
---- a/bencode.cpp (revision 300)
-+++ b/bencode.cpp (revision 302)
-@@ -233,22 +233,28 @@
- return bencode_end_dict_list(fp);
- }
-
--size_t decode_list2path(const char *b, size_t n, char *pathname)
-+size_t decode_list2path(const char *b, size_t n, char *pathname, size_t maxlen)
- {
- const char *pb = b;
- const char *s = (char *) 0;
-+ const char *endmax = pathname + maxlen - 1;
- size_t r,q;
-
- if( 'l' != *pb ) return 0;
- pb++;
- n--;
- if( !n ) return 0;
-- for(; n;){
-+ while( n && pathname < endmax ){
- if(!(r = buf_str(pb, n, &s, &q)) ) return 0;
-+ if( q >= maxlen ) return 0;
- memcpy(pathname, s, q);
- pathname += q;
-- pb += r; n -= r;
-- if( 'e' != *pb ){*pathname = PATH_SP, pathname++;} else break;
-+ maxlen -= q;
-+ pb += r;
-+ n -= r;
-+ if( 'e' == *pb ) break;
-+ if( pathname >= endmax ) return 0;
-+ *pathname++ = PATH_SP;
- }
- *pathname = '\0';
- return (pb - b + 1);
-Index: a/btfiles.cpp
-===================================================================
---- a/btfiles.cpp (revision 300)
-+++ b/btfiles.cpp (revision 302)
-@@ -449,7 +449,8 @@
- return 0;
- }
-
--int btFiles::BuildFromMI(const char *metabuf, const size_t metabuf_len, const char *saveas)
-+int btFiles::BuildFromMI(const char *metabuf, const size_t metabuf_len,
-+ const char *saveas, unsigned char exam_only)
- {
- char path[MAXPATHLEN];
- const char *s, *p;
-@@ -458,11 +459,19 @@
- int f_warned = 0;
-
- if( !decode_query(metabuf, metabuf_len, "info|name", &s, &q, (int64_t*)0,
-- QUERY_STR) || MAXPATHLEN <= q )
-+ QUERY_STR) || MAXPATHLEN <= q ){
-+ errno = EINVAL;
- return -1;
-+ }
-
- memcpy(path, s, q);
- path[q] = '\0';
-+ if( !exam_only &&
-+ (PATH_SP == path[0] || '/' == path[0] || 0==strncmp("..", path, 2)) ){
-+ CONSOLE.Warning(1, "error, unsafe path \"%s\" in torrent data", path);
-+ errno = EINVAL;
-+ return -1;
-+ }
-
- r = decode_query(metabuf, metabuf_len, "info|files", (const char**)0, &q,
- (int64_t*)0, QUERY_POS);
-@@ -471,21 +480,31 @@
- BTFILE *pbf_last = (BTFILE*) 0;
- BTFILE *pbf = (BTFILE*) 0;
- size_t dl;
-+ unsigned long nfiles = 0;
-+
- if( decode_query(metabuf,metabuf_len,"info|length",
-- (const char**) 0,(size_t*) 0,(int64_t*) 0,QUERY_LONG) )
-+ (const char**) 0,(size_t*) 0,(int64_t*) 0,QUERY_LONG) ){
-+ errno = EINVAL;
- return -1;
-+ }
-
- if( saveas ){
- m_directory = new char[strlen(saveas) + 1];
- #ifndef WINDOWS
-- if(!m_directory) return -1;
-+ if( !m_directory ){
-+ errno = ENOMEM;
-+ return -1;
-+ }
- #endif
- strcpy(m_directory,saveas);
- }else{
- int f_conv;
- char *tmpfn = new char[strlen(path)*2+5];
- #ifndef WINDOWS
-- if( !tmpfn ) return -1;
-+ if( !tmpfn ){
-+ errno = ENOMEM;
-+ return -1;
-+ }
- #endif
- if( f_conv = ConvertFilename(tmpfn, path, strlen(path)*2+5) ){
- if( arg_flg_convert_filenames ){
-@@ -493,6 +512,7 @@
- #ifndef WINDOWS
- if( !m_directory ){
- delete []tmpfn;
-+ errno = ENOMEM;
- return -1;
- }
- #endif
-@@ -507,7 +527,10 @@
- if( !f_conv || !arg_flg_convert_filenames ){
- m_directory = new char[strlen(path) + 1];
- #ifndef WINDOWS
-- if( !m_directory ) return -1;
-+ if( !m_directory ){
-+ errno = ENOMEM;
-+ return -1;
-+ }
- #endif
- strcpy(m_directory,path);
- }
-@@ -517,24 +540,50 @@
- p = metabuf + r + 1;
- q--;
- for(; q && 'e' != *p; p += dl, q -= dl){
-- if(!(dl = decode_dict(p, q, (const char*) 0)) ) return -1;
-- if( !decode_query(p, dl, "length", (const char**) 0,
-- (size_t*) 0,&t,QUERY_LONG) ) return -1;
-+ if( !(dl = decode_dict(p, q, (const char*) 0)) ||
-+ !decode_query(p, dl, "length", (const char**) 0, (size_t*) 0, &t,
-+ QUERY_LONG) ){
-+ errno = EINVAL;
-+ return -1;
-+ }
- pbf = _new_bfnode();
- #ifndef WINDOWS
-- if( !pbf ) return -1;
-+ if( !pbf ){
-+ errno = ENOMEM;
-+ return -1;
-+ }
- #endif
-+ nfiles++;
- pbf->bf_length = t;
- m_total_files_length += t;
- r = decode_query(p, dl, "path", (const char **)0, &n, (int64_t*)0,
- QUERY_POS);
-- if( !r ) return -1;
-- if(!decode_list2path(p + r, n, path)) return -1;
-+ if( !r || !decode_list2path(p + r, n, path, sizeof(path)) ){
-+ CONSOLE.Warning(1,
-+ "error, invalid path in torrent data for file %lu at offset %llu",
-+ nfiles, m_total_files_length - t);
-+ delete pbf;
-+ errno = EINVAL;
-+ return -1;
-+ }
-+ if( !exam_only &&
-+ (PATH_SP == path[0] || '/' == path[0] || 0==strncmp("..", path, 2)) ){
-+ CONSOLE.Warning(1,
-+ "error, unsafe path \"%s\" in torrent data for file %lu",
-+ path, nfiles);
-+ delete pbf;
-+ errno = EINVAL;
-+ return -1;
-+ }
-
-+
- int f_conv;
- char *tmpfn = new char[strlen(path)*2+5];
- #ifndef WINDOWS
-- if( !tmpfn ) return -1;
-+ if( !tmpfn ){
-+ errno = ENOMEM;
-+ return -1;
-+ }
- #endif
- if( f_conv = ConvertFilename(tmpfn, path, strlen(path)*2+5) ){
- if( arg_flg_convert_filenames ){
-@@ -542,6 +591,7 @@
- #ifndef WINDOWS
- if( !pbf->bf_filename ){
- delete []tmpfn;
-+ errno = ENOMEM;
- return -1;
- }
- #endif
-@@ -556,7 +606,10 @@
- if( !f_conv || !arg_flg_convert_filenames ){
- pbf->bf_filename = new char[strlen(path) + 1];
- #ifndef WINDOWS
-- if( !pbf->bf_filename ) return -1;
-+ if( !pbf->bf_filename ){
-+ errno = ENOMEM;
-+ return -1;
-+ }
- #endif
- strcpy(pbf->bf_filename, path);
- }
-@@ -564,30 +617,42 @@
- pbf_last = pbf;
- }
- }else{
-- if( !decode_query(metabuf,metabuf_len,"info|length",
-- (const char**) 0,(size_t*) 0,&t,QUERY_LONG) )
-+ if( !decode_query(metabuf,metabuf_len, "info|length",
-+ (const char**)0, (size_t*) 0, &t, QUERY_LONG) ){
-+ errno = EINVAL;
- return -1;
-+ }
- m_btfhead = _new_bfnode();
- #ifndef WINDOWS
-- if( !m_btfhead) return -1;
-+ if( !m_btfhead ){
-+ errno = ENOMEM;
-+ return -1;
-+ }
- #endif
- m_btfhead->bf_length = m_total_files_length = t;
- if( saveas ){
- m_btfhead->bf_filename = new char[strlen(saveas) + 1];
- #ifndef WINDOWS
-- if(!m_btfhead->bf_filename ) return -1;
-+ if( !m_btfhead->bf_filename ){
-+ errno = ENOMEM;
-+ return -1;
-+ }
- #endif
- strcpy(m_btfhead->bf_filename, saveas);
- }else if( arg_flg_convert_filenames ){
- char *tmpfn = new char[strlen(path)*2+5];
- #ifndef WINDOWS
-- if( !tmpfn ) return -1;
-+ if( !tmpfn ){
-+ errno = ENOMEM;
-+ return -1;
-+ }
- #endif
- ConvertFilename(tmpfn, path, strlen(path)*2+5);
- m_btfhead->bf_filename = new char[strlen(tmpfn) + 1];
- #ifndef WINDOWS
- if( !m_btfhead->bf_filename ){
- delete []tmpfn;
-+ errno = ENOMEM;
- return -1;
- }
- #endif
-@@ -596,7 +661,10 @@
- }else{
- m_btfhead->bf_filename = new char[strlen(path) + 1];
- #ifndef WINDOWS
-- if(!m_btfhead->bf_filename ) return -1;
-+ if( !m_btfhead->bf_filename ){
-+ errno = ENOMEM;
-+ return -1;
-+ }
- #endif
- strcpy(m_btfhead->bf_filename, path);
- }
-@@ -694,6 +762,32 @@
- size_t btFiles::FillMetaInfo(FILE* fp)
- {
- BTFILE *p;
-+ const char *refname, *s;
-+ char path[MAXPATHLEN];
-+
-+ refname = m_directory ? m_directory : m_btfhead->bf_filename;
-+ while( (s = strchr(refname, PATH_SP)) && *(s + 1) ){
-+ refname = s + 1;
-+ }
-+ if( m_directory && '.' == *refname ){
-+ char dir[MAXPATHLEN];
-+ if( getcwd(dir, sizeof(dir)) && 0==chdir(m_directory) ){
-+ if( getcwd(path, sizeof(path)) ){
-+ refname = path;
-+ while( (s = strchr(refname, PATH_SP)) && *(s + 1) ){
-+ refname = s + 1;
-+ }
-+ }
-+ chdir(dir);
-+ }
-+ }
-+ if( '/' == *refname || '\0' == *refname || '.' == *refname ){
-+ CONSOLE.Warning(1, "error, inappropriate file or directory name \"%s\"",
-+ m_directory ? m_directory : m_btfhead->bf_filename);
-+ errno = EINVAL;
-+ return 0;
-+ }
-+
- if( m_directory ){
- // multi files
- if( bencode_str("files", fp) != 1 ) return 0;
-@@ -715,16 +809,15 @@
- if(bencode_end_dict_list(fp) != 1 ) return 0;
-
- if(bencode_str("name", fp) != 1) return 0;
-- return bencode_str(m_directory, fp);
--
-+ return bencode_str(refname, fp);
- }else{
- if( bencode_str("length", fp) != 1 ) return 0;
- if( bencode_int(m_btfhead->bf_length, fp) != 1) return 0;
-
- if( bencode_str("name", fp) != 1 ) return 0;
-- return bencode_str(m_btfhead->bf_filename, fp);
-+ return bencode_str(refname, fp);
- }
-- return 1;
-+ return 0;
- }
-
-
-Index: a/btcontent.cpp
-===================================================================
---- a/btcontent.cpp (revision 300)
-+++ b/btcontent.cpp (revision 302)
-@@ -357,7 +357,11 @@
-
- cfg_req_queue_length = (m_piece_length / cfg_req_slice_size) * 2 - 1;
-
-- if( m_btfiles.BuildFromMI(b, flen, saveas) < 0 ) ERR_RETURN();
-+ if( m_btfiles.BuildFromMI(b, flen, saveas, arg_flg_exam_only) < 0 ){
-+ if( EINVAL == errno )
-+ CONSOLE.Warning(1, "Torrent metainfo file data is invalid or unusable.");
-+ ERR_RETURN();
-+ }
-
- delete []b;
- b = (char *)0;
-Index: a/btfiles.h
-===================================================================
---- a/btfiles.h (revision 300)
-+++ b/btfiles.h (revision 302)
-@@ -61,7 +61,7 @@
-
- int BuildFromFS(const char *pathname);
- int BuildFromMI(const char *metabuf, const size_t metabuf_len,
-- const char *saveas);
-+ const char *saveas, unsigned char exam_only);
-
- char *GetDataName() const;
- uint64_t GetTotalLength() const { return m_total_files_length; }
projects / openwrt / svn-archive / archive.git / commitdiff