1
0
Fork 0
mirror of https://gitlab.com/SIGBUS/nyaa.git synced 2024-11-01 00:35:59 +00:00

bencode: fix nontermination on empty or malformed input

read(1) returns b'' on EOF, which wasn't checked for in a couple cases,
which could cause empty/truncated input to enter one of the `while True`
loops without hope of exit. programming is hard.
This commit is contained in:
queue 2017-07-24 20:39:09 -06:00
parent c5ce99c3f3
commit b1d187613a
2 changed files with 10 additions and 2 deletions

View file

@ -55,13 +55,15 @@ def _bencode_decode(file_object, decode_keys_as_utf8=True):
return items return items
kind = file_object.read(1) kind = file_object.read(1)
if not kind:
raise create_ex('EOF, expecting kind')
if kind == _B_INT: # Integer if kind == _B_INT: # Integer
int_bytes = b'' int_bytes = b''
while True: while True:
c = file_object.read(1) c = file_object.read(1)
if not c: if not c:
raise create_ex('Unexpected end while reading an integer') raise create_ex('EOF, expecting more integer')
elif c == _B_END: elif c == _B_END:
try: try:
return int(int_bytes.decode('utf8')) return int(int_bytes.decode('utf8'))
@ -97,6 +99,8 @@ def _bencode_decode(file_object, decode_keys_as_utf8=True):
# Read string length until a ':' # Read string length until a ':'
while True: while True:
c = file_object.read(1) c = file_object.read(1)
if not c:
raise create_ex('EOF, expecting more string len')
if c in _DIGITS: if c in _DIGITS:
str_len_bytes += c str_len_bytes += c
elif c == b':': elif c == b':':

View file

@ -58,11 +58,15 @@ class TestBencode(unittest.TestCase):
(b'ie', bencode.MalformedBencodeException, (b'ie', bencode.MalformedBencodeException,
r'Unable to parse int'), r'Unable to parse int'),
(b'i64', bencode.MalformedBencodeException, (b'i64', bencode.MalformedBencodeException,
r'Unexpected end while reading an integer'), r'EOF, expecting more integer'),
(b'', bencode.MalformedBencodeException,
r'EOF, expecting kind'),
(b'i6-4', bencode.MalformedBencodeException, (b'i6-4', bencode.MalformedBencodeException,
r'Unexpected input while reading an integer'), r'Unexpected input while reading an integer'),
(b'4#string', bencode.MalformedBencodeException, (b'4#string', bencode.MalformedBencodeException,
r'Unexpected input while reading string length'), r'Unexpected input while reading string length'),
(b'4', bencode.MalformedBencodeException,
r'EOF, expecting more string len'),
(b'$:string', bencode.MalformedBencodeException, (b'$:string', bencode.MalformedBencodeException,
r'Unexpected data type'), r'Unexpected data type'),
(b'd5:world7:numbersli1ei2eee', bencode.MalformedBencodeException, (b'd5:world7:numbersli1ei2eee', bencode.MalformedBencodeException,