frontend/http: avoid overflows parsing queryparams

Jimmy Zelinskie 2022-01-15 14:25:39 -05:00
parent d1b90c0139
commit f3468edf19
2 changed files with 7 additions and 7 deletions


@ -189,13 +189,13 @@ func (qp *QueryParams) String(key string) (string, bool) {
// Uint64 returns a uint parsed from a query. After being called, it is safe to
// cast the uint64 to your desired length.
func (qp *QueryParams) Uint64(key string) (uint64, error) {
func (qp *QueryParams) Uint64(key string, bitSize int) (uint64, error) {
str, exists := qp.params[key]
if !exists {
return 0, ErrKeyNotFound
}
val, err := strconv.ParseUint(str, 10, 64)
val, err := strconv.ParseUint(str, 10, bitSize)
if err != nil {
return 0, err
}
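Review bot: The doc comment above `Uint64` still says it is safe to cast the result "to your desired length", which is no longer accurate now that the caller chooses the width: the value is only guaranteed to fit in `bitSize` bits. I would reword it to `// Uint64 returns a uint64 parsed from a query value that fits in bitSize bits; it is safe to cast the result to an unsigned type of that width.` The comment should also say that `bitSize` is passed straight to `strconv.ParseUint`, where 0 means the platform `uint` size, so callers should pass an explicit 8, 16, 32 or 64. The function body continues past the end of the hunk.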


@ -73,25 +73,25 @@ func ParseAnnounce(r *http.Request, opts ParseOptions) (*bittorrent.AnnounceRequ
request.Peer.ID = bittorrent.PeerIDFromString(peerID)
// Determine the number of remaining bytes for the client.
request.Left, err = qp.Uint64("left")
request.Left, err = qp.Uint64("left", 64)
if err != nil {
return nil, bittorrent.ClientError("failed to parse parameter: left")
}
// Determine the number of bytes downloaded by the client.
request.Downloaded, err = qp.Uint64("downloaded")
request.Downloaded, err = qp.Uint64("downloaded", 64)
if err != nil {
return nil, bittorrent.ClientError("failed to parse parameter: downloaded")
}
// Determine the number of bytes shared by the client.
request.Uploaded, err = qp.Uint64("uploaded")
request.Uploaded, err = qp.Uint64("uploaded", 64)
if err != nil {
return nil, bittorrent.ClientError("failed to parse parameter: uploaded")
}
// Determine the number of peers the client wants in the response.
numwant, err := qp.Uint64("numwant")
numwant, err := qp.Uint64("numwant", 32)
if err != nil && err != bittorrent.ErrKeyNotFound {
return nil, bittorrent.ClientError("failed to parse parameter: numwant")
}
@ -100,7 +100,7 @@ func ParseAnnounce(r *http.Request, opts ParseOptions) (*bittorrent.AnnounceRequ
request.NumWant = uint32(numwant)
// Parse the port where the client is listening.
port, err := qp.Uint64("port")
port, err := qp.Uint64("port", 16)
if err != nil {
return nil, bittorrent.ClientError("failed to parse parameter: port")
}
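Review bot: The literals passed at the call sites (`32` for numwant, `16` for port) are what make the later narrowing casts safe, but nothing ties each literal to its cast: `request.NumWant = uint32(numwant)` sits in a separate hunk and the port cast is outside the visible lines. A short comment at each call, for example `// bitSize 32 must match the uint32(numwant) cast below`, would keep the two from drifting apart in a later edit. The commit lists two changed files and neither section shown here is a test, so a regression test that pins the boundary cases (constructed examples: `port=65536`, `numwant=4294967296`) as client errors would be worth adding.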