MFH: r461437

net-p2p/libtorrent: Fix remote DoS

Calls into build_benocde that use %zu could crash on 64 bit machines
due to the size change of size_t.
Someone can force READ_ENC_IA to fail allowing an internal_error to
be thrown and bring down the client, throw handshake_error instead.

PR:		224664
Submitted by:	Henry David Bartholomew <PopularMoment@protonmail.com>
Approved by:	maintainer timeout (pipfstarrd@openmailbox.org, > 2 weeks)
Security:	e4dd787e-0ea9-11e8-95f2-005056925db4

Approved by:	ports-secteam (eadler)

net-p2p/libtorrent/Makefile

@@ -2,7 +2,7 @@
 
 PORTNAME=	libtorrent
 PORTVERSION=	0.13.6
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	net-p2p
 MASTER_SITES=	http://rtorrent.net/downloads/
 

net-p2p/libtorrent/distinfo

@@ -1,2 +1,3 @@
+TIMESTAMP = 1518295243
 SHA256 (libtorrent-0.13.6.tar.gz) = 2838a08c96edfd936aff8fbf99ecbb930c2bfca3337dd1482eb5fccdb80d5a04
 SIZE (libtorrent-0.13.6.tar.gz) = 781253

net-p2p/libtorrent/files/patch-fix-build-bencoders-callers-crash

@@ -0,0 +1,45 @@
+# https://github.com/rakshasa/libtorrent/pull/99/files
+
+--- src/protocol/extensions.cc.orig	2015-08-08 17:01:32.000000000 +0200
++++ src/protocol/extensions.cc	2017-12-02 01:46:38.522736000 +0100
+@@ -394,7 +394,7 @@
+   if (m_download->info()->is_meta_download() || piece >= pieceEnd) {
+     // reject: { "msg_type" => 2, "piece" => ... }
+     m_pendingType = UT_METADATA;
+-    m_pending = build_bencode(40, "d8:msg_typei2e5:piecei%zuee", piece);
++    m_pending = build_bencode(sizeof(size_t) + 36, "d8:msg_typei2e5:piecei%zuee", piece);
+     return;
+   }
+ 
+@@ -407,7 +407,7 @@
+   // data: { "msg_type" => 1, "piece" => ..., "total_size" => ... } followed by piece data (outside of dictionary)
+   size_t length = piece == pieceEnd - 1 ? m_download->info()->metadata_size() % metadata_piece_size : metadata_piece_size;
+   m_pendingType = UT_METADATA;
+-  m_pending = build_bencode(length + 128, "d8:msg_typei1e5:piecei%zue10:total_sizei%zuee", piece, metadataSize);
++  m_pending = build_bencode((2 * sizeof(size_t)) + length + 120, "d8:msg_typei1e5:piecei%zue10:total_sizei%zuee", piece, metadataSize);
+ 
+   memcpy(m_pending.end(), buffer + (piece << metadata_piece_shift), length);
+   m_pending.set(m_pending.data(), m_pending.end() + length, m_pending.owned());
+--- src/protocol/handshake.cc.orig	2015-08-08 17:01:49.000000000 +0200
++++ src/protocol/handshake.cc	2017-12-02 01:46:38.523093000 +0100
+@@ -738,7 +738,7 @@
+         break;
+ 
+       if (m_readBuffer.remaining() > m_encryption.length_ia())
+-        throw internal_error("Read past initial payload after incoming encrypted handshake.");
++        throw handshake_error(ConnectionManager::handshake_failed, e_handshake_invalid_value);
+ 
+       if (m_encryption.crypto() != HandshakeEncryption::crypto_rc4)
+         m_encryption.info()->set_obfuscated();
+--- src/torrent/object_stream.cc.orig	2015-08-08 17:01:32.000000000 +0200
++++ src/torrent/object_stream.cc	2017-12-02 01:46:38.523350000 +0100
+@@ -104,7 +104,8 @@
+   while (first != last && *first >= '0' && *first <= '9')
+     length = length * 10 + (*first++ - '0');
+ 
+-  if (length + 1 > (unsigned int)std::distance(first, last) || *first++ != ':')
++  if (length + 1 > (unsigned int)std::distance(first, last) || *first++ != ':'
++		  || length + 1 == 0)
+     throw torrent::bencode_error("Invalid bencode data.");
+   
+   return raw_string(first, length);