Attachment #3550 for bug #20131

View | Details | Raw Unified | Return to bug 20131
Collapse All | Expand All

Lines 25-31 Link Here

(-)bencode.h (-1 / +1 lines)
25	size_t decode_list(const char b,size_t len,const char keylist);	25	size_t decode_list(const char b,size_t len,const char keylist);
26	size_t decode_rev(const char b,size_t len,const char keylist);	26	size_t decode_rev(const char b,size_t len,const char keylist);
27	size_t decode_query(const char b,size_t len,const char keylist,const char *ps,size_t pi,int64_t *pl,int method);	27	size_t decode_query(const char b,size_t len,const char keylist,const char *ps,size_t pi,int64_t *pl,int method);
28	size_t decode_list2path(const char b, size_t n, char pathname);	28	size_t decode_list2path(const char b, size_t n, char pathname, size_t maxlen);
29	size_t bencode_buf(const char str,size_t len,FILE fp);	29	size_t bencode_buf(const char str,size_t len,FILE fp);
30	size_t bencode_str(const char str, FILE fp);	30	size_t bencode_str(const char str, FILE fp);
31	size_t bencode_int(const uint64_t integer, FILE *fp);	31	size_t bencode_int(const uint64_t integer, FILE *fp);




  return bencode_end_dict_list(fp);
}

size_t decode_list2path(const char *b, size_t n, char *pathname, size_t maxlen)
{
  const char *pb = b;
  const char *s = (char *) 0;
  const char *endmax = pathname + maxlen - 1;
  size_t r,q;

  if( 'l' != *pb ) return 0;
  pb++;
  n--;
  if( !n ) return 0;
  while( n && pathname < endmax ){
    if(!(r = buf_str(pb, n, &s, &q)) ) return 0;
    if( q >= maxlen ) return 0;
    memcpy(pathname, s, q);
    pathname += q;
    maxlen -= q;
    pb += r;
    n -= r; 
    if( 'e' == *pb ) break;
    if( pathname >= endmax ) return 0;
    *pathname++ = PATH_SP;
  }
  *pathname = '\0';
  return (pb - b + 1);

Lines 471-476 Link Here

(-)btfiles.cpp (-2 / +10 lines)
471	BTFILE pbf_last = (BTFILE) 0;	471	BTFILE pbf_last = (BTFILE) 0;
472	BTFILE pbf = (BTFILE) 0;	472	BTFILE pbf = (BTFILE) 0;
473	size_t dl;	473	size_t dl;
		474	unsigned long nfiles = 0;
		475
474	if( decode_query(metabuf,metabuf_len,"info\|length",	476	if( decode_query(metabuf,metabuf_len,"info\|length",
475	(const char*) 0,(size_t) 0,(int64_t*) 0,QUERY_LONG) )	477	(const char*) 0,(size_t) 0,(int64_t*) 0,QUERY_LONG) )
476	return -1;	478	return -1;
Lines 524-535 Link Here
524	#ifndef WINDOWS	526	#ifndef WINDOWS
525	if( !pbf ) return -1;	527	if( !pbf ) return -1;
526	#endif	528	#endif
		529	nfiles++;
527	pbf->bf_length = t;	530	pbf->bf_length = t;
528	m_total_files_length += t;	531	m_total_files_length += t;
529	r = decode_query(p, dl, "path", (const char *)0, &n, (int64_t)0,	532	r = decode_query(p, dl, "path", (const char *)0, &n, (int64_t)0,
530	QUERY_POS);	533	QUERY_POS);
531	if( !r ) return -1;	534	if( !r \|\| !decode_list2path(p + r, n, path, sizeof(path)) ){
532	if(!decode_list2path(p + r, n, path)) return -1;	535	CONSOLE.Warning(1,
		536	"error, invalid path in torrent data for file %lu at offset %llu",
		537	nfiles, m_total_files_length - t);
		538	delete pbf;
		539	return -1;
		540	}
533		541
534	int f_conv;	542	int f_conv;
535	char tmpfn = new char[strlen(path)2+5];	543	char tmpfn = new char[strlen(path)2+5];

Return to bug 20131

Lines 233-254 Link Here

(-)bencode.cpp (-4 / +10 lines)
233	return bencode_end_dict_list(fp);	233	return bencode_end_dict_list(fp);
234	}	234	}
235		235
236	size_t decode_list2path(const char b, size_t n, char pathname)	236	size_t decode_list2path(const char b, size_t n, char pathname, size_t maxlen)
237	{	237	{
238	const char *pb = b;	238	const char *pb = b;
239	const char s = (char ) 0;	239	const char s = (char ) 0;
		240	const char *endmax = pathname + maxlen - 1;
240	size_t r,q;	241	size_t r,q;
241		242
242	if( 'l' != *pb ) return 0;	243	if( 'l' != *pb ) return 0;
243	pb++;	244	pb++;
244	n--;	245	n--;
245	if( !n ) return 0;	246	if( !n ) return 0;
246	for(; n;){	247	while( n && pathname < endmax ){
247	if(!(r = buf_str(pb, n, &s, &q)) ) return 0;	248	if(!(r = buf_str(pb, n, &s, &q)) ) return 0;
		249	if( q >= maxlen ) return 0;
248	memcpy(pathname, s, q);	250	memcpy(pathname, s, q);
249	pathname += q;	251	pathname += q;
250	pb += r; n -= r;	252	maxlen -= q;
251	if( 'e' != pb ){pathname = PATH_SP, pathname++;} else break;	253	pb += r;
		254	n -= r;
		255	if( 'e' == *pb ) break;
		256	if( pathname >= endmax ) return 0;
		257	*pathname++ = PATH_SP;
252	}	258	}
253	*pathname = '\0';	259	*pathname = '\0';
254	return (pb - b + 1);	260	return (pb - b + 1);