From 6156aebf7183502e1844e1190cbd1cba49949f11 Mon Sep 17 00:00:00 2001 From: Matt Joiner Date: Wed, 29 Sep 2021 16:56:01 +1000 Subject: [PATCH] Limit decoded bencode string lengths to 32 bits Found in fuzzing --- bencode/decode.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bencode/decode.go b/bencode/decode.go index 0cb04b91..768c9c7b 100644 --- a/bencode/decode.go +++ b/bencode/decode.go @@ -154,7 +154,7 @@ func (d *Decoder) parseString(v reflect.Value) error { // read the string length first d.readUntil(':') - length, err := strconv.ParseInt(bytesAsString(d.buf.Bytes()), 10, 0) + length, err := strconv.ParseInt(bytesAsString(d.buf.Bytes()), 10, 32) checkForIntParseError(err, start) defer d.buf.Reset()