#1168: reading past the end of KTorrent's pex added.f strings

Charles Kerr 2008-08-10 14:58:11 +00:00
parent 822238ca33
commit 2e6443a53d
6 changed files with 36 additions and 25 deletions


@ -469,6 +469,23 @@ tr_bencDictFindStr( tr_benc * dict, const char * key, const char ** setme )
return found;
}
int
tr_bencDictFindRaw( tr_benc * dict,
const char * key,
const uint8_t ** setme_raw,
size_t * setme_len )
{
int found = FALSE;
tr_benc * child = tr_bencDictFindType( dict, key, TYPE_STR );
if( child ) {
*setme_raw = (uint8_t*) child->val.s.s;
*setme_len = child->val.s.i;
found = TRUE;
}
return found;
}
/***
****
***/
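Review bot: tr_bencDictFindRaw has no comment stating the contract that distinguishes it from tr_bencDictFindStr, and callers need that contract to use the result safely. Above the definition (and beside the prototype) I would add `/* on success *setme_raw points into dict's own storage and *setme_len is its byte count; the bytes may contain zeros, so never hand them to strlen(). Both outputs are untouched on a miss. */`. Separately, the cast in `*setme_raw = (uint8_t*) child->val.s.s;` drops the const that the out-parameter carries; `(const uint8_t*) child->val.s.s` says what is meant. The type of `val.s.i` is not visible on this page, so it is worth confirming in the parser that it can never be negative before it is stored in a `size_t`.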


@ -71,6 +71,8 @@ void tr_bencFree( tr_benc * );
int tr_bencDictFindInt( tr_benc * dict, const char * key, int64_t * setme );
int tr_bencDictFindDouble( tr_benc * dict, const char * key, double * setme );
int tr_bencDictFindStr( tr_benc * dict, const char * key, const char ** setme );
int tr_bencDictFindRaw( tr_benc * dict, const char * key, const uint8_t ** setme_raw,
size_t * setme_len );
int tr_bencDictFindList( tr_benc * dict, const char * key, tr_benc ** setme );
int tr_bencDictFindDict( tr_benc * dict, const char * key, tr_benc ** setme );
tr_benc * tr_bencDictFind( tr_benc * dict, const char * key );


@ -1070,34 +1070,24 @@ tr_peerMgrAddPex( tr_peerMgr * manager,
}
tr_pex *
tr_peerMgrCompactToPex( const void * compact,
size_t compactLen,
const char * added_f,
size_t * pexCount )
tr_peerMgrCompactToPex( const void * compact,
size_t compactLen,
const uint8_t * added_f,
size_t added_f_len,
size_t * pexCount )
{
size_t i;
size_t n = compactLen / 6;
const uint8_t * walk = compact;
const size_t flen = added_f ? strlen( added_f ) : 0;
tr_pex * pex = tr_new0( tr_pex, n );
#if 0
if( added_f && strlen(added_f)!=n )
{
int i;
const int len = strlen( added_f );
fprintf( stderr, "compactLen is %d, n is %d, and strlen(added_f) is %d!!!\n", (int)compactLen, (int)n, len );
for( i=0; i<len; ++i )
fprintf( stderr, "added.f[%d] is %d\n", i, (int)added_f[i] );
}
#endif
for( i=0; i<n; ++i ) {
memcpy( &pex[i].in_addr, walk, 4 ); walk += 4;
memcpy( &pex[i].port, walk, 2 ); walk += 2;
if( added_f && ( n == flen ) )
if( added_f && ( n == added_f_len ) )
pex[i].flags = added_f[i];
}
*pexCount = n;
return pex;
}
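Review bot: The test `added_f && ( n == added_f_len )` inside the loop is the only thing keeping `added_f[i]` in bounds, yet it is re-evaluated for every peer and carries no comment saying so. I would hoist it above the loop as `const int useFlags = added_f && ( n == added_f_len );` with `/* added.f is raw bytes, one per peer; ignore it unless the counts match */`, and test `useFlags` in the body. With the `#if 0` diagnostics removed, a peer that sends a mismatched added.f is now ignored silently, so a debug-level log of the two lengths may be worth keeping for triage. The result of `tr_new0` is written through without a NULL check in the visible lines; whether tr_new0 can return NULL is not shown here and should be confirmed.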


@ -59,10 +59,11 @@ void tr_peerMgrAddIncoming( tr_peerMgr * manager,
uint16_t port,
int socket );
tr_pex * tr_peerMgrCompactToPex( const void * compact,
size_t compactLen,
const char * added_f,
size_t * pexCount );
tr_pex * tr_peerMgrCompactToPex( const void * compact,
size_t compactLen,
const uint8_t * added_f,
size_t added_f_len,
size_t * setme_pex_count );
void tr_peerMgrAddPex( tr_peerMgr * manager,
const uint8_t * torrentHash,
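Review bot: The last parameter is named `setme_pex_count` in this prototype but `pexCount` in the definition changed by the same commit; one name should be used in both places so the header and the implementation read the same. The prototype is also the natural place to state that `added_f` is a length-delimited byte array rather than a C string, for example `/* added_f: optional raw flag bytes, one per peer, not NUL-terminated; pass NULL and 0 when absent */`.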


@ -1021,11 +1021,12 @@ parseUtPex( tr_peermsgs * msgs, int msglen, struct evbuffer * inbuf )
&& (( loaded = !tr_bencLoad( tmp, msglen, &val, NULL )))
&& (( added = tr_bencDictFindType( &val, "added", TYPE_STR ))))
{
const char * added_f = NULL;
const uint8_t * added_f = NULL;
tr_pex * pex;
size_t i, n;
tr_bencDictFindStr( &val, "added.f", &added_f );
pex = tr_peerMgrCompactToPex( added->val.s.s, added->val.s.i, added_f, &n );
size_t added_f_len = 0;
tr_bencDictFindRaw( &val, "added.f", &added_f, &added_f_len );
pex = tr_peerMgrCompactToPex( added->val.s.s, added->val.s.i, added_f, added_f_len, &n );
for( i=0; i<n; ++i )
tr_peerMgrAddPex( msgs->handle->peerMgr, tor->info.hash,
TR_PEER_FROM_PEX, pex+i );
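Review bot: The return value of `tr_bencDictFindRaw( &val, "added.f", &added_f, &added_f_len )` is discarded, which is only correct because `added_f` and `added_f_len` are initialised to NULL and 0 just above it. A short comment such as `/* added.f is optional; on a miss added_f stays NULL and the flags are skipped */` would stop a later edit from dropping those initialisers. parseUtPex starts and ends outside this hunk, so whether `pex` is freed after the loop cannot be checked from here.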


@ -187,7 +187,7 @@ onTrackerResponse( void * tracker UNUSED, void * vevent, void * user_data )
size_t i, n;
tr_pex * pex = tr_peerMgrCompactToPex( event->compact,
event->compactLen,
NULL, &n );
NULL, 0, &n );
if( event->allAreSeeds )
tr_tordbg( tor, "Got %d seeds from tracker", (int)n );
else