[ADC] Implementations validate hard coded CID/PID length
Bug #1130910 reported by
Fredrik Ullner
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dcbase |
Confirmed
|
Medium
|
Unassigned |
Bug Description
ADC does not explicitly specify the length of CID or PID (they're always the same length though). However, each hash algorithm specifies the length (either implicitly or explicitly).
Many implementations do not care about the algorithm when they check the length; they have it hard coded to TIGR's 39 bytes.
It is important to see what can be done to eliminate direct hard coding and at least have some algorithm checking. Potentially, the specification and/or the recommendations document should outline as such.
To post a comment you must log in.
Looks like there's an algorithm in DC++ to calculate the number 39 (it's a Base32 calculation); floor(hash_ algorithm_ in_bits / 5 + 1). In the case of Tiger, this will be floor(192 / 5 + 1) = floor(38.4 + 1) = floor(39.4) = 39 (bytes).
If we were to move to an algorithm which uses e.g. 256 bits, the resulting size fo CIDs etc will be floor(256/5+1) = 52 (bytes).
Each component that has a hard coded value of 39 must check which algorithm the value generated from (this is slightly non-trivial since the origin of the value must be stored somewhere) and then convert that algorithm's bit value to an appropriate byte value (for Base32).