From be5631dff1f4f28636ba1b88e9d17034fe4551d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anton=20Luka=20=C5=A0ijanec?=
Date: Sat, 31 Dec 2022 18:09:39 +0100
Subject: fixed bdecoding strncpy->memcpy +etc
---
src/bencoding.c | 23 ++++++++---------------
1 file changed, 8 insertions(+), 15 deletions(-)
(limited to 'src/bencoding.c')
diff --git a/src/bencoding.c b/src/bencoding.c
index bcf8f17..66b43b3 100644
--- a/src/bencoding.c
+++ b/src/bencoding.c
@@ -146,20 +146,13 @@ struct bencoding * bstrs_set (struct bencoding * b, char * s) {
 * @param num [in] the number to be converted to a bencoding number
 */
 
-struct bencoding * bnum (long int num) {
+struct bencoding * bnum (long int nr) {
 struct bencoding * b = calloc(1, sizeof *b);
 if (!b)
 return NULL;
 b->type = num;
- /* char buf[512];
- sprintf(buf, "%ld", num);
- b->value = strdup(buf);
- if (!b->intvalue) {
- free(b);
- return NULL;
- } */ // we could do this, but I don't think it's necessary.
 b->valuelen = 0;
- b->intvalue = num;
+ b->intvalue = nr;
 return b;
 }
 
@@ -513,7 +506,7 @@ struct bencoding * bdecode_safe (const char * s, int len, enum benc opts, unsign
 return NULL;
 default:
 if (!(s[0] >= '0' && s[0] <= '9')) { /* not a string. not checking this would allow DoS for parsing "lx" */
- fprintf(stderr, "bencoding: unknown type %c\n", s[0]);
+ fprintf(stderr, "bencoding: unknown type %d - %c\n", s[0], s[0]);
 free(b);
 return NULL;
 }
@@ -523,7 +516,7 @@ struct bencoding * bdecode_safe (const char * s, int len, enum benc opts, unsign
 if (len != -1 && (unsigned)len < b->valuelen + (ch+1 - s) /* len minus prefix; strlen & colon */)
 b->valuelen = len - (ch+1 - s); /* malformed bencoded data, truncating string */
 b->value = malloc(b->valuelen+1);
- strncpy(b->value, ch+1, b->valuelen);
+ memcpy(b->value, ch+1, b->valuelen); // ofc not strncpy - binary strs
 b->value[b->valuelen] = '\0';
 b->after = ch+1+b->valuelen;
 } else {
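Review bot: In the bnum hunk the doc comment kept as context still reads `@param num`, but the parameter is now `nr`, so the documentation names a parameter that no longer exists; it should become `@param nr [in] the number to be converted to a bencoding number`. The rename also changes what `b->type = num;` refers to: with the parameter gone, `num` presumably resolves to the type constant (the later hunks test `b->type & string`), which looks like the real fix here and is worth a one-line comment such as `/* num is the type flag, not the argument */`.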
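Review bot: In the unknown-type branch of bdecode_safe, `s[0]` is a plain `char` taken from the input, so `%d` prints a negative number for bytes above 0x7f wherever `char` is signed, and `%c` still writes the raw byte to stderr, control characters included. Cast for the numeric form and drop or filter the character form, e.g. `fprintf(stderr, "bencoding: unknown type %d\n", (unsigned char)s[0]);`, or keep `%c` only when `isprint((unsigned char)s[0])` holds. The function body starts and ends outside this hunk.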
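Review bot: In the string branch of bdecode_safe the result of `malloc(b->valuelen+1)` goes straight into the new `memcpy` and into `b->value[b->valuelen] = '\0'` without a NULL check, and `valuelen` comes from the length prefix of the input, so a large declared length turns an allocation failure into a NULL dereference. Add `if (!b->value) { free(b); return NULL; }` after the malloc, as the unknown-type path in the previous hunk does (assuming `b` owns nothing else at that point). Unlike strncpy, memcpy does not stop at a NUL byte, so with `len == -1` the copy now always reads the full declared length from the input; the clamp above it only runs when `len != -1`, and its sum `b->valuelen + (ch+1 - s)` may wrap for a very large prefix (how `valuelen` is parsed is outside the hunk). The function body starts and ends outside this hunk.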
@@ -541,7 +534,7 @@ struct bencoding * bdecode_safe (const char * s, int len, enum benc opts, unsign
 *
 * nonstandard things: this parser allows for dict keys to be of any type, valuekey
 *
- * this is a wrapper function, the implementation is in bdecode_safe that was made as an afterthought to prevent stack overflows and limits the number of elements bdecoded to 2**16.
+ * this is a wrapper function, the implementation is in bdecode_safe that was made as an afterthought to prevent stack overflows and limits the number of elements bdecoded.
 *
 * @param len [in] * if set to -1, string is assumed to be correct and not NULL terminated, NULLs may be in strings.
 * - malicious strings may trigger reads past the end of the buffer, which may lead to undefined
@@ -560,7 +553,7 @@ struct bencoding * bdecode_safe (const char * s, int len, enum benc opts, unsign
 */
 
 struct bencoding * bdecode (const char * s, int len, enum benc opts) {
- return bdecode_safe(s, len, opts, 0, 65535);
+ return bdecode_safe(s, len, opts, 0, 1 << 21);
 }
 
 /**
@@ -664,7 +657,7 @@ int bencode_length (struct bencoding * b) {
 return strlen(buf)+bencode_length(b->key)+2;
 }
 if (b->type & string) {
- sprintf(buf, "%ld", b->valuelen);
+ sprintf(buf, "%zu", b->valuelen);
 return strlen(buf)+1+b->valuelen+bencode_length(b->key);
 }
 if (b->type & (list | dict)) {
@@ -704,7 +697,7 @@ char * bencode (char * dest, struct bencoding * b) {
 *dest++ = 'e';
 }
 if (b->type & string) {
- sprintf(buf, "%ld:", b->valuelen);
+ sprintf(buf, "%zu:", b->valuelen);
 strncpy(dest, buf, strlen(buf));
 dest += strlen(buf);
 memcpy(dest, b->value, b->valuelen);
--
cgit v1.2.3
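Review bot: The cap that bdecode passes to bdecode_safe is now the bare literal `1 << 21`, and the wrapper comment in the preceding hunk dropped the number instead of updating it, so the limit is no longer stated anywhere a caller would read. Give it a name, e.g. `#define BDECODE_MAX_ELEMENTS (1 << 21)`, and put it back in the comment (`limits the number of elements bdecoded to 2**21`). Per that comment this cap is what bounds the work done on hostile input, so a roughly 32-fold increase also raises the worst-case memory one decode can allocate; worth confirming that is acceptable for callers that parse untrusted data.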
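Review bot: bencode_length returns `int`, yet its string branch sums `strlen(buf)+1+b->valuelen+bencode_length(b->key)` with `valuelen` now formatted as a `size_t`, so a long string is narrowed silently on return and can come out negative or too small. If callers size the buffer handed to bencode() from this value (not visible here), the encoded output would overrun it; either return `size_t` or reject totals above `INT_MAX` before returning. The `sprintf` into `buf` is also unbounded; `snprintf(buf, sizeof buf, "%zu", b->valuelen);` is the safer form, assuming `buf` is an array declared earlier in the function, outside this hunk.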
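Review bot: `strncpy(dest, buf, strlen(buf));` in the string branch of bencode is bounded by the source length, so it gives `dest` no protection and is a memcpy in disguise; this commit already made that substitution in bdecode_safe. Compute the length once instead: `size_t n = strlen(buf); memcpy(dest, buf, n); dest += n;`. bencode takes no size for `dest`, so a comment stating that the caller must provide at least bencode_length(b) bytes would document the contract; the function continues beyond this hunk.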