From 2e6443a53dfb3d410bd7da0dd6739913ff487513 Mon Sep 17 00:00:00 2001
From: Charles Kerr
Date: Sun, 10 Aug 2008 14:58:11 +0000
Subject: [PATCH] #1168: reading past the end of KTorrent's pex added.f strings
---
 libtransmission/bencode.c | 17 +++++++++++++++++
 libtransmission/bencode.h | 2 ++
 libtransmission/peer-mgr.c | 24 +++++++-----------------
 libtransmission/peer-mgr.h | 9 +++++----
 libtransmission/peer-msgs.c | 7 ++++---
 libtransmission/torrent.c | 2 +-
 6 files changed, 36 insertions(+), 25 deletions(-)
diff --git a/libtransmission/bencode.c b/libtransmission/bencode.c
index f3940cf43..e54c10a38 100644
--- a/libtransmission/bencode.c
+++ b/libtransmission/bencode.c
@@ -469,6 +469,23 @@ tr_bencDictFindStr( tr_benc * dict, const char * key, const char ** setme )
 return found;
 }

+int
+tr_bencDictFindRaw( tr_benc * dict,
+ const char * key,
+ const uint8_t ** setme_raw,
+ size_t * setme_len )
+{
+ int found = FALSE;
+ tr_benc * child = tr_bencDictFindType( dict, key, TYPE_STR );
+ if( child ) {
+ *setme_raw = (uint8_t*) child->val.s.s;
+ *setme_len = child->val.s.i;
+ found = TRUE;
+ }
+ return found;
+}
+
+
 /***
 ****
 ***/
diff --git a/libtransmission/bencode.h b/libtransmission/bencode.h
index 0cf25912e..a16f8d27d 100644
--- a/libtransmission/bencode.h
+++ b/libtransmission/bencode.h
@@ -71,6 +71,8 @@ void tr_bencFree( tr_benc * );
 int tr_bencDictFindInt( tr_benc * dict, const char * key, int64_t * setme );
 int tr_bencDictFindDouble( tr_benc * dict, const char * key, double * setme );
 int tr_bencDictFindStr( tr_benc * dict, const char * key, const char ** setme );
+int tr_bencDictFindRaw( tr_benc * dict, const char * key, const uint8_t ** setme_raw,
+ size_t * setme_len );
 int tr_bencDictFindList( tr_benc * dict, const char * key, tr_benc ** setme );
 int tr_bencDictFindDict( tr_benc * dict, const char * key, tr_benc ** setme );
 tr_benc * tr_bencDictFind( tr_benc * dict, const char * key );
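Review bot: tr_bencDictFindRaw() leaves `*setme_raw` and `*setme_len` untouched when the key is absent or is not a string, and neither the definition in bencode.c nor the new prototype in bencode.h states that contract. The peer-msgs.c call site visible in this patch ignores the return value, so it is safe only because the caller initialises the length to zero beforehand; a later caller that forgets would forward an indeterminate pointer/length pair into the pex parser. I would document this on the prototype, e.g. `/* on success *setme_raw aliases the dict's own string storage and must be read using *setme_len, never strlen(); on failure both outputs are left unchanged */`, or set the outputs to `NULL` and `0` before the lookup. The assignment `*setme_len = child->val.s.i;` also converts the stored length to size_t with no range check; the field's type is not shown in this diff, so confirm it can never be negative for data parsed from a peer.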
diff --git a/libtransmission/peer-mgr.c b/libtransmission/peer-mgr.c index ff0f17711..ff60484f1 100644 --- a/libtransmission/peer-mgr.c +++ b/libtransmission/peer-mgr.c @@ -1070,34 +1070,24 @@ tr_peerMgrAddPex( tr_peerMgr * manager, } tr_pex * -tr_peerMgrCompactToPex( const void * compact, - size_t compactLen, - const char * added_f, - size_t * pexCount ) +tr_peerMgrCompactToPex( const void * compact, + size_t compactLen, + const uint8_t * added_f, + size_t added_f_len, + size_t * pexCount ) { size_t i; size_t n = compactLen / 6; const uint8_t * walk = compact; - const size_t flen = added_f ? strlen( added_f ) : 0; tr_pex * pex = tr_new0( tr_pex, n ); -#if 0 -if( added_f && strlen(added_f)!=n ) -{ - int i; - const int len = strlen( added_f ); - fprintf( stderr, "compactLen is %d, n is %d, and strlen(added_f) is %d!!!\n", (int)compactLen, (int)n, len ); - for( i=0; ival.s.s, added->val.s.i, added_f, &n ); + size_t added_f_len = 0; + tr_bencDictFindRaw( &val, "added.f", &added_f, &added_f_len ); + pex = tr_peerMgrCompactToPex( added->val.s.s, added->val.s.i, added_f, added_f_len, &n ); for( i=0; ihandle->peerMgr, tor->info.hash, TR_PEER_FROM_PEX, pex+i ); diff --git a/libtransmission/torrent.c b/libtransmission/torrent.c index 2fb4d2f65..7bab92f2d 100644 --- a/libtransmission/torrent.c +++ b/libtransmission/torrent.c @@ -187,7 +187,7 @@ onTrackerResponse( void * tracker UNUSED, void * vevent, void * user_data ) size_t i, n; tr_pex * pex = tr_peerMgrCompactToPex( event->compact, event->compactLen, - NULL, &n ); + NULL, 0, &n ); if( event->allAreSeeds ) tr_tordbg( tor, "Got %d seeds from tracker", (int)n ); else -- 2.40.0