mirror
/
transmission
mirror of https://github.com/transmission/transmission
1
0
Fork 0
Code Issues Releases Wiki Activity

Make sure not to go past the end of the buffer when loading bencoded data. 

Add code to encode using bencoding.
This commit is contained in:
Josh Elsasser 2006-04-25 07:00:18 +00:00
parent b5fa42ff8f
commit 9120989a88
4 changed files with 149 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
libtransmission/bencode.c
View File

@ -23,10 +23,23 @@
#include "transmission.h"
#define LIST_SIZE 20
#define OUTBUF_SIZE 100
int _tr_bencLoad( char * buf, benc_val_t * val, char ** end )
static int tr_bencSprintf( char ** buf, size_t * used, size_t * max,
char * format, ... )
#ifdef __GNUC__
__attribute__ ((format (printf, 4, 5)))
#endif
;
int _tr_bencLoad( char * buf, size_t len, benc_val_t * val, char ** end )
{
char * p, * foo;
char * p, * e, * foo;
if( 1 >= len )
{
return 1;
}
if( !end )
{
@ -38,11 +51,19 @@ int _tr_bencLoad( char * buf, benc_val_t * val, char ** end )
if( buf[0] == 'i' )
{
e = memchr( &buf[1], 'e', len - 1 );
if( NULL == e )
{
return 1;
}
/* Integer: i1242e */
val->type = TYPE_INT;
*e = '\0';
val->val.i = strtoll( &buf[1], &p, 10 );
*e = 'e';
if( p == &buf[1] || p[0] != 'e' )
if( p != e )
{
return 1;
}
@ -66,7 +87,7 @@ int _tr_bencLoad( char * buf, benc_val_t * val, char ** end )
val->val.l.vals = malloc( LIST_SIZE * sizeof( benc_val_t ) );
cur = &buf[1];
str_expected = 1;
while( cur[0] != 'e' )
while( (size_t)(cur - buf) < len && cur[0] != 'e' )
{
if( val->val.l.count == val->val.l.alloc )
{
@ -75,7 +96,8 @@ int _tr_bencLoad( char * buf, benc_val_t * val, char ** end )
val->val.l.vals = realloc( val->val.l.vals,
val->val.l.alloc * sizeof( benc_val_t ) );
}
if( tr_bencLoad( cur, &val->val.l.vals[val->val.l.count], &p ) )
if( tr_bencLoad( cur, len - (cur - buf),
&val->val.l.vals[val->val.l.count], &p ) )
{
return 1;
}
@ -99,11 +121,20 @@ int _tr_bencLoad( char * buf, benc_val_t * val, char ** end )
}
else
{
e = memchr( buf, ':', len );
if( NULL == e )
{
return 1;
}
/* String: 12:whateverword */
val->type = TYPE_STR;
e[0] = '\0';
val->val.s.i = strtol( buf, &p, 10 );
e[0] = ':';
if( p == buf || p[0] != ':' )
if( p != e || 0 > val->val.s.i ||
(size_t)(val->val.s.i) > len - ((p + 1) - buf) )
{
return 1;
}
@ -203,3 +234,100 @@ benc_val_t * tr_bencDictFind( benc_val_t * val, char * key )
return NULL;
}
char * tr_bencSaveMalloc( benc_val_t * val, size_t * len )
{
char * buf = NULL;
size_t alloc = 0;
*len = 0;
if( tr_bencSave( val, &buf, len, &alloc ) )
{
if( NULL != buf )
{
free(buf);
}
*len = 0;
return NULL;
}
return buf;
}
int tr_bencSave( benc_val_t * val, char ** buf, size_t * used, size_t * max )
{
int ii;
switch( val->type )
{
case TYPE_INT:
if( tr_bencSprintf( buf, used, max, "i%llde", val->val.i ) )
{
return 1;
}
break;
case TYPE_STR:
if( (int)strlen(val->val.s.s) != val->val.s.i )
{
return 1;
}
if( tr_bencSprintf( buf, used, max, "%i:%s",
val->val.s.i, val->val.s.s ) )
{
return 1;
}
break;
case TYPE_LIST:
case TYPE_DICT:
if( tr_bencSprintf( buf, used, max,
(TYPE_LIST == val->type ? "l" : "d") ) )
{
return 1;
}
for( ii = 0; val->val.l.count > ii; ii++ )
{
if( tr_bencSave( val->val.l.vals + ii, buf, used, max ) )
{
return 1;
}
}
if( tr_bencSprintf( buf, used, max, "e" ) )
{
return 1;
}
break;
}
return 0;
}
static int tr_bencSprintf( char ** buf, size_t * used, size_t * max,
char * format, ... )
{
va_list ap;
int want;
char * newbuf;
va_start( ap, format );
want = vsnprintf( NULL, 0, format, ap );
va_end(ap);
while( *used + want + 1 > *max )
{
*max += OUTBUF_SIZE;
newbuf = realloc( *buf, *max );
if( NULL == newbuf )
{
return 1;
}
*buf = newbuf;
}
va_start( ap, format );
*used += vsnprintf( *buf + *used, *max - *used, format, ap );
va_end( ap );
return 0;
}

8
libtransmission/bencode.h
View File

@ -49,10 +49,14 @@ typedef struct benc_val_s
} val;
} benc_val_t;
#define tr_bencLoad(b,v,e) _tr_bencLoad((char*)(b),v,(char**)e)
int _tr_bencLoad( char * buf, benc_val_t * val, char ** end );
#define tr_bencLoad(b,l,v,e) _tr_bencLoad((char*)(b),(l),(v),(char**)(e))
int _tr_bencLoad( char * buf, size_t len, benc_val_t * val,
char ** end );
void tr_bencPrint( benc_val_t * val );
void tr_bencFree( benc_val_t * val );
benc_val_t * tr_bencDictFind( benc_val_t * val, char * key );
char * tr_bencSaveMalloc( benc_val_t * val, size_t * len );
int tr_bencSave( benc_val_t * val, char ** buf,
size_t * used, size_t * max );
#endif

2
libtransmission/metainfo.c
View File

@ -78,7 +78,7 @@ int tr_metainfoParse( tr_info_t * inf, const char * path )
fclose( file );
/* Parse bencoded infos */
if( tr_bencLoad( buf, &meta, NULL ) )
if( tr_bencLoad( buf, sb.st_size, &meta, NULL ) )
{
fprintf( stderr, "Error while parsing bencoded data\n" );
free( buf );

4
libtransmission/tracker.c
View File

@ -462,7 +462,7 @@ static void recvAnswer( tr_tracker_t * tc )
return;
}
if( tr_bencLoad( &body[i], &beAll, NULL ) )
if( tr_bencLoad( &body[i], bodylen - i, &beAll, NULL ) )
{
tr_err( "Tracker: error parsing bencoded data" );
tc->lastAttempt = TC_ATTEMPT_ERROR;
@ -706,7 +706,7 @@ int tr_trackerScrape( tr_torrent_t * tor, int * seeders, int * leechers )
{
return 1;
}
if( tr_bencLoad( &buf[i], &scrape, NULL ) )
if( tr_bencLoad( &buf[i], pos - i, &scrape, NULL ) )
{
return 1;
}