From 5ab658ae3dffda141358f39050c852935e0f123c Mon Sep 17 00:00:00 2001
From: Miguel Freitas <miguelfreitas@users.noreply.github.com>
Date: Tue, 7 Jan 2014 16:51:40 -0200
Subject: [PATCH] enforce bencoded size. sanity check.

---
 src/twister.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/twister.cpp b/src/twister.cpp
index bdea3f7c..c41a3b5d 100644
--- a/src/twister.cpp
+++ b/src/twister.cpp
@@ -840,7 +840,9 @@ bool acceptSignedPost(char const *data, int data_size, std::string username, int
     lazy_entry v;
     int pos;
     libtorrent::error_code ec;
-    if (lazy_bdecode(data, data + data_size, v, ec, &pos) == 0) {
+    if (data_size <= 0 || data_size > 2048 ) {
+        sprintf(errbuf,"bad bencoded post size");
+    } else if (lazy_bdecode(data, data + data_size, v, ec, &pos) == 0) {
 
         if( v.type() == lazy_entry::dict_t ) {
             lazy_entry const* post = v.dict_find_dict("userpost");