Changeset 1524

Timestamp:

Mar 5, 2007, 12:07:48 AM (15 years ago)

Author:

joshe

Message:

Better checking of metainfo.
Strip / out of filenames and path components.
Safely handle . and .. in file paths.

Location:

trunk/libtransmission

Files:

• bencode.c (modified) (2 diffs)
• bencode.h (modified) (1 diff)
• metainfo.c (modified) (14 diffs)

trunk/libtransmission/bencode.c

@@ -215 +215 @@
 }
 
-benc_val_t * tr_bencDictFind( benc_val_t * val, char * key )
+benc_val_t * tr_bencDictFind( benc_val_t * val, const char * key )
 {
     int i;
@@ -232 +232 @@
 
     return NULL;
+}
+
+benc_val_t * tr_bencDictFindFirst( benc_val_t * val, ... )
+{
+    const char * key;
+    benc_val_t * ret;
+    va_list      ap;
+
+    va_start( ap, val );
+    while( ( key = va_arg( ap, const char * ) ) )
+    {
+        ret = tr_bencDictFind( val, key );
+        if( NULL != ret )
+        {
+            break;
+        }
+    }
+    va_end( ap );
+
+    return ret;
 }
 

trunk/libtransmission/bencode.h

@@ -57 +57 @@
 void         tr_bencPrint( benc_val_t * val );
 void         tr_bencFree( benc_val_t * val );
-benc_val_t * tr_bencDictFind( benc_val_t * val, char * key );
+benc_val_t * tr_bencDictFind( benc_val_t * val, const char * key );
+benc_val_t * tr_bencDictFindFirst( benc_val_t * val, ... );
 char *       tr_bencSaveMalloc( benc_val_t * val, int * len );
 int          tr_bencSave( benc_val_t * val, char ** buf,

trunk/libtransmission/metainfo.c

@@ -30 +30 @@
  * Local prototypes
  **********************************************************************/
+static int getfile( char * buf, int size,
+                    const char * prefix, const benc_val_t * name );
 static int getannounce( tr_info_t * inf, benc_val_t * meta );
 static char * announceToScrape( const char * announce );
-#define strcatUTF8( dst, src) _strcatUTF8( (dst), sizeof( dst ) - 1, (src) )
-static void _strcatUTF8( char *, int, char * );
+static void strcatUTF8( char *, int, const char *, int );
 
 /***********************************************************************
@@ -103 +104 @@
 
     /* Get info hash */
-    if( !( beInfo = tr_bencDictFind( &meta, "info" ) ) )
-    {
-        tr_err( "Could not find \"info\" dictionary" );
+    beInfo = tr_bencDictFind( &meta, "info" );
+    if( NULL == beInfo || TYPE_DICT != beInfo->type )
+    {
+        tr_err( "%s \"info\" dictionary", ( beInfo ? "Invalid" : "Missing" ) );
         tr_bencFree( &meta );
         free( buf );
@@ -151 +153 @@
         
     /* Comment info */
-    if( ( val = tr_bencDictFind( &meta, "comment.utf-8" ) ) || ( val = tr_bencDictFind( &meta, "comment" ) ) )
-    {
-        strcatUTF8( inf->comment, val->val.s.s );
+    val = tr_bencDictFindFirst( &meta, "comment.utf-8", "comment", NULL );
+    if( NULL != val && TYPE_STR == val->type )
+    {
+        strcatUTF8( inf->comment, sizeof( inf->comment ), val->val.s.s, 0 );
     }
     
     /* Creator info */
-    if( ( val = tr_bencDictFind( &meta, "created by.utf-8" ) ) || ( val = tr_bencDictFind( &meta, "created by" ) ) )
-    {
-        strcatUTF8( inf->creator, val->val.s.s );
+    tr_bencDictFindFirst( &meta, "created by.utf-8", "created by", NULL );
+    if( NULL != val && TYPE_STR == val->type )
+    {
+        strcatUTF8( inf->creator, sizeof( inf->creator ), val->val.s.s, 0 );
     }
     
     /* Date created */
-    if( ( val = tr_bencDictFind( &meta, "creation date" ) ) )
+    inf->dateCreated = 0;
+    val = tr_bencDictFind( &meta, "creation date" );
+    if( NULL != val && TYPE_INT == val->type )
     {
         inf->dateCreated = val->val.i;
     }
-    else
-    {
-        inf->dateCreated = 0;
-    }
     
     /* Private torrent */
-    if( ( NULL != ( val = tr_bencDictFind( beInfo, "private" ) ) &&
-          TYPE_INT == val->type && val->val.i ) ||
-        ( NULL != ( val = tr_bencDictFind( &meta, "private" ) ) &&
-          TYPE_INT == val->type && val->val.i ) )
+    if( tr_bencDictFind( beInfo, "private" ) ||
+        tr_bencDictFind( &meta, "private" ) )
     {
         inf->flags |= TR_FLAG_PRIVATE;
@@ -182 +182 @@
     
     /* Piece length */
-    if( !( val = tr_bencDictFind( beInfo, "piece length" ) ) )
-    {
-        tr_err( "No \"piece length\" entry" );
-        tr_bencFree( &meta );
-        return 1;
+    val = tr_bencDictFind( beInfo, "piece length" );
+    if( NULL == val || TYPE_INT != val->type )
+    {
+        tr_err( "%s \"piece length\" entry", ( val ? "Invalid" : "Missing" ) );
+        goto fail;
     }
     inf->pieceSize = val->val.i;
@@ -192 +192 @@
     /* Hashes */
     val = tr_bencDictFind( beInfo, "pieces" );
+    if( NULL == val || TYPE_STR != val->type )
+    {
+        tr_err( "%s \"pieces\" entry", ( val ? "Invalid" : "Missing" ) );
+        goto fail;
+    }
     if( val->val.s.i % SHA_DIGEST_LENGTH )
     {
         tr_err( "Invalid \"piece\" string (size is %d)", val->val.s.i );
-        tr_bencFree( &meta );
-        return 1;
+        goto fail;
     }
     inf->pieceCount = val->val.s.i / SHA_DIGEST_LENGTH;
@@ -204 +208 @@
     /* TODO add more tests so we don't crash on weird files */
 
+    /* get file or top directory name */
+    val = tr_bencDictFindFirst( beInfo, "name.utf-8", "name", NULL );
+    if( NULL == val || TYPE_STR != val->type )
+    {
+        tr_err( "%s \"name\" string", ( val ? "Invalid" : "Missing" ) );
+        goto fail;
+    }
+    strcatUTF8( inf->name, sizeof( inf->name ), val->val.s.s, 1 );
     inf->totalSize = 0;
+
     if( ( list = tr_bencDictFind( beInfo, "files" ) ) )
     {
         /* Multi-file mode */
-        int j;
-
-        val = tr_bencDictFind( beInfo, "name.utf-8" );
-        if( NULL == val )
-        {
-            val = tr_bencDictFind( beInfo, "name" );
-        }
-        strcatUTF8( inf->name, val->val.s.s );
-
         inf->multifile = 1;
         inf->fileCount = list->val.l.count;
@@ -223 +227 @@
         for( i = 0; i < list->val.l.count; i++ )
         {
-            val = tr_bencDictFind( &list->val.l.vals[i], "path.utf-8" );
-            if( NULL == val )
-            {
-                val = tr_bencDictFind( &list->val.l.vals[i], "path" );
-            }
-            strcatUTF8( inf->files[i].name, inf->name );
-            for( j = 0; j < val->val.l.count; j++ )
-            {
-                strcatUTF8( inf->files[i].name, "/" );
-                strcatUTF8( inf->files[i].name,
-                            val->val.l.vals[j].val.s.s );
+            val = tr_bencDictFindFirst( &list->val.l.vals[i],
+                                        "path.utf-8", "path", NULL );
+            if( getfile( inf->files[i].name, sizeof( inf->files[i].name ),
+                         inf->name, val ) )
+            {
+                tr_err( "%s \"path\" entry", ( val ? "Invalid" : "Missing" ) );
+                goto fail;
             }
             val = tr_bencDictFind( &list->val.l.vals[i], "length" );
@@ -239 +239 @@
             inf->totalSize       += val->val.i;
         }
-
     }
     else
@@ -248 +247 @@
         inf->files     = calloc( sizeof( tr_file_t ), 1 );
 
-        val = tr_bencDictFind( beInfo, "name.utf-8" );
-        if( NULL == val )
-        {
-            val = tr_bencDictFind( beInfo, "name" );
-        }
-        strcatUTF8( inf->files[0].name, val->val.s.s );
-        strcatUTF8( inf->name, val->val.s.s );
+        strcatUTF8( inf->files[0].name, sizeof( inf->files[0].name),
+                    val->val.s.s, 1 );
         
         val = tr_bencDictFind( beInfo, "length" );
+        if( NULL == val || TYPE_INT != val->type )
+        {
+            tr_err( "%s \"length\" entry", ( val ? "Invalid" : "Missing" ) );
+            goto fail;
+        }
         inf->files[0].length  = val->val.i;
         inf->totalSize       += val->val.i;
@@ -265 +264 @@
     {
         tr_err( "Size of hashes and files don't match" );
-        tr_metainfoFree( inf );
-        tr_bencFree( &meta );
-        return 1;
+        goto fail;
     }
 
@@ -273 +270 @@
     if( getannounce( inf, &meta ) )
     {
-        tr_metainfoFree( inf );
-        tr_bencFree( &meta );
-        return 1;
+        goto fail;
     }
 
     tr_bencFree( &meta );
     return 0;
+
+  fail:
+    tr_metainfoFree( inf );
+    tr_bencFree( &meta );
+    return 1;
 }
 
@@ -300 +300 @@
     }
     free( inf->trackerList );
+}
+
+static int getfile( char * buf, int size,
+                    const char * prefix, const benc_val_t * name )
+{
+    const benc_val_t * dir;
+    const char      ** list;
+    int                ii, jj;
+
+    if( TYPE_LIST != name->type )
+    {
+        return 1;
+    }
+
+    list = calloc( name->val.l.count, sizeof( list[0] ) );
+    if( NULL == list )
+    {
+        return 1;
+    }
+
+    for( ii = jj = 0; name->val.l.count > ii; ii++ )
+    {
+        if( TYPE_STR != name->val.l.vals[ii].type )
+        {
+            continue;
+        }
+        dir = &name->val.l.vals[ii];
+        if( 0 == strcmp( "..", dir->val.s.s ) )
+        {
+            if( 0 < jj )
+            {
+                jj--;
+            }
+        }
+        else if( 0 != strcmp( ".", dir->val.s.s ) )
+        {
+            list[jj] = dir->val.s.s;
+            jj++;
+        }
+    }
+
+    if( 0 == jj )
+    {
+        return 1;
+    }
+
+    strcatUTF8( buf, size, prefix, 0 );
+    for( ii = 0; jj > ii; ii++ )
+    {
+        strcatUTF8( buf, size, "/", 0 );
+        strcatUTF8( buf, size, list[ii], 1 );
+    }
+    free( list );
+
+    return 0;
 }
 
@@ -475 +530 @@
 #define WANTBYTES( want, got ) \
     if( (want) > (got) ) { return; } else { (got) -= (want); }
-static void _strcatUTF8( char * s, int len, char * append )
+static void strcatUTF8( char * s, int len, const char * append, int deslash )
 {
-    char * p;
+    const char * p;
+
+    /* don't overwrite the nul at the end */
+    len--;
 
     /* Go to the end of the destination string */
@@ -489 +547 @@
     for( p = append; p[0]; )
     {
+        /* skip over / if requested */
+        if( deslash && '/' == p[0] )
+        {
+            p++;
+            continue;
+        }
+
         if( !( p[0] & 0x80 ) )
         {