2 ===================================================================
3 --- bencode.h (revision 301)
4 +++ bencode.h (revision 302)
6 size_t decode_list(const char *b,size_t len,const char *keylist);
7 size_t decode_rev(const char *b,size_t len,const char *keylist);
8 size_t decode_query(const char *b,size_t len,const char *keylist,const char **ps,size_t *pi,int64_t *pl,int method);
9 -size_t decode_list2path(const char *b, size_t n, char *pathname);
10 +size_t decode_list2path(const char *b, size_t n, char *pathname, size_t maxlen);
11 size_t bencode_buf(const char *str,size_t len,FILE *fp);
12 size_t bencode_str(const char *str, FILE *fp);
13 size_t bencode_int(const uint64_t integer, FILE *fp);
15 ===================================================================
16 --- bencode.cpp (revision 301)
17 +++ bencode.cpp (revision 302)
19 return bencode_end_dict_list(fp);
22 -size_t decode_list2path(const char *b, size_t n, char *pathname)
23 +size_t decode_list2path(const char *b, size_t n, char *pathname, size_t maxlen)
26 const char *s = (char *) 0;
27 + const char *endmax = pathname + maxlen - 1;
30 if( 'l' != *pb ) return 0;
35 + while( n && pathname < endmax ){
36 if(!(r = buf_str(pb, n, &s, &q)) ) return 0;
37 + if( q >= maxlen ) return 0;
38 memcpy(pathname, s, q);
41 - if( 'e' != *pb ){*pathname = PATH_SP, pathname++;} else break;
45 + if( 'e' == *pb ) break;
46 + if( pathname >= endmax ) return 0;
47 + *pathname++ = PATH_SP;
52 ===================================================================
53 --- btfiles.cpp (revision 301)
54 +++ btfiles.cpp (revision 302)
56 BTFILE *pbf_last = (BTFILE*) 0;
57 BTFILE *pbf = (BTFILE*) 0;
59 + unsigned long nfiles = 0;
61 if( decode_query(metabuf,metabuf_len,"info|length",
62 (const char**) 0,(size_t*) 0,(int64_t*) 0,QUERY_LONG) )
70 m_total_files_length += t;
71 r = decode_query(p, dl, "path", (const char **)0, &n, (int64_t*)0,
74 - if(!decode_list2path(p + r, n, path)) return -1;
75 + if( !r || !decode_list2path(p + r, n, path, sizeof(path)) ){
77 + "error, invalid path in torrent data for file %lu at offset %llu",
78 + nfiles, m_total_files_length - t);
84 char *tmpfn = new char[strlen(path)*2+5];