Commit 8d640352 authored by RealAlexJones's avatar RealAlexJones Committed by Jari Sundell

Bug Fixes for 123,124,125,126,129 and 130 (#131)

* Fixed 129, checking peers6 with has_key_string

* Fix for 123, setting limit on Transaction ID for DHT

* Fix for 126 handling resizing exception

* Fix for 125 throw if peer sent metadata_size 0

* Fix for 124 don't throw internal error in bytes_left if left > 1<<60

* Fix for 130, changed order of check in object_read_bencode_c

* Added <stdexcept> for clang

* Revert "Fix for 124 don't throw internal error in bytes_left if left > 1<<60"

This reverts commit 592568ebd223e8393e3241a769ba079cdb47eaf7.

* Restrict Transaction ID in DHT. Check length in create_error as well

* Set upper bound of metadata size in DownloadMain::set_metadata_size

* missed () in dht_server

* Handle length check for raw_bencode and raw_string

* only add tid in create_error if it's a raw string
parent f466d361
......@@ -597,7 +597,7 @@ void
DhtServer::create_error(const DhtMessage& req, const rak::socket_address* sa, int num, const char* msg) {
DhtMessage error;
if (req[key_t].is_raw_bencode() || req[key_t].is_raw_string())
if (req[key_t].is_raw_string() && req[key_t].as_raw_string().size() < 67)
error[key_t] = req[key_t];
error[key_y] = raw_bencode::from_c_str("1:e");
......@@ -743,6 +743,11 @@ DhtServer::event_read() {
if (!message[key_t].is_raw_string())
throw dht_error(dht_error_protocol, "No transaction ID");
// Restrict the length of Transaction IDs. We echo them in our replies.
if(message[key_t].as_raw_string().size() > 20) {
throw dht_error(dht_error_protocol, "Transaction ID length too long");
}
if (!message[key_y].is_raw_string())
throw dht_error(dht_error_protocol, "No message type");
......
......@@ -492,6 +492,9 @@ DownloadMain::do_peer_exchange() {
void
DownloadMain::set_metadata_size(size_t size) {
if (m_info->is_meta_download()) {
if(size == 0 || size > (1 << 26))
throw communication_error("Peer-supplied invalid metadata size.");
if (m_fileList.size_bytes() < 2)
file_list()->reset_filesize(size);
else if (size != m_fileList.size_bytes())
......
......@@ -40,6 +40,7 @@
#include <iostream>
#include <cmath>
#include <limits>
#include <stdexcept>
#include <rak/algorithm.h>
#include <rak/string_manip.h>
......@@ -59,7 +60,12 @@ object_read_string(std::istream* input, std::string& str) {
if (input->fail() || input->get() != ':')
return false;
str.resize(size);
try {
str.resize(size);
}
catch (std::length_error& e){
return false;
}
for (std::string::iterator itr = str.begin(); itr != str.end() && input->good(); ++itr)
*itr = input->get();
......@@ -104,8 +110,8 @@ object_read_bencode_c_string(const char* first, const char* last) {
while (first != last && *first >= '0' && *first <= '9')
length = length * 10 + (*first++ - '0');
if (length + 1 > (unsigned int)std::distance(first, last) || *first++ != ':'
|| length + 1 == 0)
if (length + 1 > (unsigned int)std::distance(first, last) || length + 1 == 0
|| *first++ != ':')
throw torrent::bencode_error("Invalid bencode data.");
return raw_string(first, length);
......
......@@ -356,7 +356,7 @@ TrackerHttp::process_success(const Object& object) {
}
}
if (object.has_key("peers6"))
if (object.has_key_string("peers6"))
l.parse_address_compact_ipv6(object.get_key_string("peers6"));
close_directly();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment