From e6dc205232e56a934484cea16f03aa31ccea1139 Mon Sep 17 00:00:00 2001
From: tc-wleite <wladimir.leite@gmail.com>
Date: Sat, 23 Nov 2024 12:40:37 -0300
Subject: [PATCH] '#2364: Check hashes parsed from torrents(avoid garbage in
 linkedItems).

---
 .../iped/parsers/bittorrent/TorrentFileParser.java | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/iped-parsers/iped-parsers-impl/src/main/java/iped/parsers/bittorrent/TorrentFileParser.java b/iped-parsers/iped-parsers-impl/src/main/java/iped/parsers/bittorrent/TorrentFileParser.java
index e18f0dc558..753b6f69bd 100644
--- a/iped-parsers/iped-parsers-impl/src/main/java/iped/parsers/bittorrent/TorrentFileParser.java
+++ b/iped-parsers/iped-parsers-impl/src/main/java/iped/parsers/bittorrent/TorrentFileParser.java
@@ -76,6 +76,7 @@ public class TorrentFileParser extends AbstractParser {
     private static final int maxHitsCheck = 64;
     private static final int minPiecesMultiFile = 8;
     
+    // Length of valid hex-encoded hashes
     private static final int md5Len = 32;
     private static final int sha1Len = 40;
     private static final int edonkeyLen = 32;
@@ -389,6 +390,19 @@ private static String getStringOrBytes(BencodedDict dict, String key, int len) {
         String s = dict.getString(key).trim();
         if (s.length() > 0 && s.length() != len) {
             s = dict.getHexEncodedBytes(key);
+            if (s.length() != len) {
+                // Discard if hex-encoded string length does not match the expected length
+                s = "";
+            }
+        } else {
+            for (int i = 0; i < s.length(); i++) {
+                char c = s.charAt(i);
+                if ((c < '0' || c > '9') && (c < 'a' || c > 'f') && (c < 'A' || c > 'F')) {
+                    // Discard if string has any non hexadecimal character
+                    s = "";
+                    break;
+                }
+            }
         }
         return s;
     }