rpms/ktorrent/F-8 ktorrent-2.2.7-php-injection.patch, NONE, 1.1 ktorrent-2.2.7-upload.patch, NONE, 1.1 ktorrent.spec, 1.52, 1.53
Rex Dieter
rdieter at fedoraproject.org
Wed Oct 29 14:40:37 UTC 2008
Author: rdieter
Update of /cvs/pkgs/rpms/ktorrent/F-8
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv20304
Modified Files:
ktorrent.spec
Added Files:
ktorrent-2.2.7-php-injection.patch ktorrent-2.2.7-upload.patch
Log Message:
* Wed Oct 29 2008 Rex Dieter <rdieter at fedoraproject.org> - 2.2.7-2
- multiple security issues in the web interface (#469020)
ktorrent-2.2.7-php-injection.patch:
--- NEW FILE ktorrent-2.2.7-php-injection.patch ---
Index: ktorrent-2.2.7/plugins/webinterface/php_handler.cpp
===================================================================
--- ktorrent-2.2.7.orig/plugins/webinterface/php_handler.cpp
+++ ktorrent-2.2.7/plugins/webinterface/php_handler.cpp
@@ -82,7 +82,9 @@ namespace kt
for ( it = args.begin(); it != args.end(); ++it )
{
- ts << QString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data());
+ // Check for string delimiters, don't want PHP injection attacks
+ if (!containsDelimiters(it.key()) && !containsDelimiters(it.data()))
+ ts << QString("$_REQUEST['%1']=\"%2\";\n").arg(it.key()).arg(it.data());
}
ts.writeRawBytes(php_s.data() + off,php_s.size() - off); // the rest of the script
ts << flush;
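Review bot: A parameter that fails the new `if (!containsDelimiters(it.key()) && !containsDelimiters(it.data()))` test is dropped silently, so the PHP script runs with that `$_REQUEST` entry missing and nothing records that a request carried quote characters. For a web interface this loses the one signal an operator would want when someone probes it. Consider logging the rejected key through the plugin's existing log facility, or refusing the whole request instead of running the script on partial input. The loop and the enclosing function start outside the hunk.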
@@ -116,6 +118,10 @@ namespace kt
}
}
+ bool PhpHandler::containsDelimiters(const QString & str)
+ {
+ return str.contains("\"") || str.contains("'");
+ }
}
#include "php_handler.moc"
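Review bot: `containsDelimiters` rejects only `"` and `'`, which looks too narrow for where the strings end up. The format string in the earlier hunk writes the value into a double-quoted PHP literal and the key into a single-quoted one, and PHP still interprets a backslash in both and `$` in the double-quoted one. At minimum the check should cover those as well, `return str.contains("\"") || str.contains("'") || str.contains("\\") || str.contains("$");`. An allowlist of expected characters, or escaping into a single-quoted literal, would be more robust than extending a denylist. A short comment on the function stating which literal contexts it protects would help the next maintainer.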
Index: ktorrent-2.2.7/plugins/webinterface/php_handler.h
===================================================================
--- ktorrent-2.2.7.orig/plugins/webinterface/php_handler.h
+++ ktorrent-2.2.7/plugins/webinterface/php_handler.h
@@ -43,6 +43,9 @@ namespace kt
void onExited();
void onReadyReadStdout();
+ private:
+ bool containsDelimiters(const QString & str);
+
signals:
void finished();
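Review bot: `containsDelimiters` is declared as a non-const, non-static member, although its definition in php_handler.cpp only inspects its argument. Declaring it `static bool containsDelimiters(const QString & str);` states that it does not depend on PhpHandler state. A one-line comment such as `// true if str holds a character that could end the PHP string literal it is written into` would document the intent. The class declaration starts and ends outside the hunk.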
ktorrent-2.2.7-upload.patch:
--- NEW FILE ktorrent-2.2.7-upload.patch ---
Index: ktorrent-2.2.7/plugins/webinterface/httpserver.cpp
===================================================================
--- ktorrent-2.2.7.orig/plugins/webinterface/httpserver.cpp
+++ ktorrent-2.2.7/plugins/webinterface/httpserver.cpp
@@ -431,9 +431,17 @@ namespace kt
void HttpServer::handleTorrentPost(HttpClientHandler* hdlr,const QHttpRequestHeader & hdr,const QByteArray & data)
{
const char* ptr = data.data();
- Uint32 len = data.size();
+ int len = data.size();
int pos = QString(data).find("\r\n\r\n");
+ if (!session.logged_in || !checkSession(hdr))
+ {
+ // You can't post torrents if you are not logged in
+ // or the session is not OK
+ redirectToLoginPage(hdlr);
+ return;
+ }
+
if (pos == -1 || pos + 4 >= len || ptr[pos + 4] != 'd')
{
HttpResponseHeader rhdr(500);
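Review bot: The new login/session check sits after `int pos = QString(data).find("\r\n\r\n");`, so the whole request body is converted to a QString and scanned before an unauthenticated client is turned away. Moving the `if (!session.logged_in || !checkSession(hdr))` block up to be the first statement of `handleTorrentPost` would reject such requests before any of the uploaded data is touched. The function body continues past the end of the hunk.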
Index: ktorrent.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ktorrent/F-8/ktorrent.spec,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- ktorrent.spec 3 Jun 2008 14:44:42 -0000 1.52
+++ ktorrent.spec 29 Oct 2008 14:40:07 -0000 1.53
@@ -1,8 +1,16 @@
-%define desktopvendor fedora
+
+# Fedora pkg review: http://bugzilla.redhat.com/187818
+
+%if 0%{?fedora} > 6
+%define kdelibs3 kdelibs3
+%else
+%define kdelibs3 kdelibs
+BuildRequires: libutempter-devel
+%endif
Name: ktorrent
Version: 2.2.7
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A BitTorrent program for KDE
Group: Applications/Internet
License: GPLv2+
@@ -10,7 +18,11 @@
Source0: http://ktorrent.org/downloads/%{version}/ktorrent-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: kdelibs3-devel
+# http://bugs.gentoo.org/show_bug.cgi?id=244741
+Patch1: ktorrent-2.2.7-upload.patch
+Patch2: ktorrent-2.2.7-php-injection.patch
+
+BuildRequires: %{kdelibs3}-devel
BuildRequires: gettext
BuildRequires: gmp-devel
BuildRequires: avahi-devel
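Review bot: The comment above `Patch1:` cites only the Gentoo bug, while the changelog entry ties these patches to #469020. Naming both next to the patch lines lets an auditor trace them without reading the changelog, for example `# web interface security fixes (#469020), patches from http://bugs.gentoo.org/show_bug.cgi?id=244741`. A one-line comment per patch saying what it fixes (unauthenticated torrent upload, PHP injection via request parameters) would also help.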
@@ -26,6 +38,10 @@
%prep
%setup -q
+
+%patch1 -p1 -b .upload
+%patch2 -p1 -b .php_injection
+
# fix "WARNING:.../Makefile.in seems to ignore the --datarootdir setting"
make -f admin/Makefile.common
@@ -50,7 +66,6 @@
rm -f $RPM_BUILD_ROOT%{_datadir}/applnk/Internet/ktorrent.desktop
/usr/bin/desktop-file-install --vendor="" \
--dir=${RPM_BUILD_ROOT}%{_datadir}/applications/kde \
- --add-category=X-Fedora \
%{buildroot}%{_datadir}/applications/kde/ktorrent.desktop
# Unpackaged files
@@ -155,6 +170,9 @@
%{_datadir}/services/ktzeroconfplugin.desktop
%changelog
+* Wed Oct 29 2008 Rex Dieter <rdieter at fedoraproject.org> - 2.2.7-2
+- multiple security issues in the web interface (#469020)
+
* Tue Jun 03 2008 Roland Wolters <wolters.liste at gmx.net> - 2.2.7-1
- update to bugfix version 2.2.7