mirror of
https://gitlab.com/SIGBUS/nyaa.git
synced 2024-12-22 10:00:01 +00:00
bencode: fix nontermination on empty or malformed input
read(1) returns b'' on EOF, which wasn't checked for in a couple cases, which could cause empty/truncated input to enter one of the `while True` loops without hope of exit. programming is hard.
This commit is contained in:
parent
c5ce99c3f3
commit
b1d187613a
|
@ -55,13 +55,15 @@ def _bencode_decode(file_object, decode_keys_as_utf8=True):
|
||||||
return items
|
return items
|
||||||
|
|
||||||
kind = file_object.read(1)
|
kind = file_object.read(1)
|
||||||
|
if not kind:
|
||||||
|
raise create_ex('EOF, expecting kind')
|
||||||
|
|
||||||
if kind == _B_INT: # Integer
|
if kind == _B_INT: # Integer
|
||||||
int_bytes = b''
|
int_bytes = b''
|
||||||
while True:
|
while True:
|
||||||
c = file_object.read(1)
|
c = file_object.read(1)
|
||||||
if not c:
|
if not c:
|
||||||
raise create_ex('Unexpected end while reading an integer')
|
raise create_ex('EOF, expecting more integer')
|
||||||
elif c == _B_END:
|
elif c == _B_END:
|
||||||
try:
|
try:
|
||||||
return int(int_bytes.decode('utf8'))
|
return int(int_bytes.decode('utf8'))
|
||||||
|
@ -97,6 +99,8 @@ def _bencode_decode(file_object, decode_keys_as_utf8=True):
|
||||||
# Read string length until a ':'
|
# Read string length until a ':'
|
||||||
while True:
|
while True:
|
||||||
c = file_object.read(1)
|
c = file_object.read(1)
|
||||||
|
if not c:
|
||||||
|
raise create_ex('EOF, expecting more string len')
|
||||||
if c in _DIGITS:
|
if c in _DIGITS:
|
||||||
str_len_bytes += c
|
str_len_bytes += c
|
||||||
elif c == b':':
|
elif c == b':':
|
||||||
|
|
|
@ -58,11 +58,15 @@ class TestBencode(unittest.TestCase):
|
||||||
(b'ie', bencode.MalformedBencodeException,
|
(b'ie', bencode.MalformedBencodeException,
|
||||||
r'Unable to parse int'),
|
r'Unable to parse int'),
|
||||||
(b'i64', bencode.MalformedBencodeException,
|
(b'i64', bencode.MalformedBencodeException,
|
||||||
r'Unexpected end while reading an integer'),
|
r'EOF, expecting more integer'),
|
||||||
|
(b'', bencode.MalformedBencodeException,
|
||||||
|
r'EOF, expecting kind'),
|
||||||
(b'i6-4', bencode.MalformedBencodeException,
|
(b'i6-4', bencode.MalformedBencodeException,
|
||||||
r'Unexpected input while reading an integer'),
|
r'Unexpected input while reading an integer'),
|
||||||
(b'4#string', bencode.MalformedBencodeException,
|
(b'4#string', bencode.MalformedBencodeException,
|
||||||
r'Unexpected input while reading string length'),
|
r'Unexpected input while reading string length'),
|
||||||
|
(b'4', bencode.MalformedBencodeException,
|
||||||
|
r'EOF, expecting more string len'),
|
||||||
(b'$:string', bencode.MalformedBencodeException,
|
(b'$:string', bencode.MalformedBencodeException,
|
||||||
r'Unexpected data type'),
|
r'Unexpected data type'),
|
||||||
(b'd5:world7:numbersli1ei2eee', bencode.MalformedBencodeException,
|
(b'd5:world7:numbersli1ei2eee', bencode.MalformedBencodeException,
|
||||||
|
|
Loading…
Reference in a new issue