Hi,
I noticed a bug in the bittorrent protocol code while trying to get an ISO from
http://torrents.gentoo.org/.
Here is a fix for it.
1) Before, the uri was put on the stack, and accessing that uri later
may trash the stack.
2) done_uri expects that uri->string is not NULL, so uri->string now points to "".
Witek
diff --git a/src/protocol/bittorrent/peerconnect.c
b/src/protocol/bittorrent/peerconnect.c
index aeafbf3..3ac5baa 100644
--- a/src/protocol/bittorrent/peerconnect.c
+++ b/src/protocol/bittorrent/peerconnect.c
@@ -271,7 +271,7 @@ enum bittorrent_state
make_bittorrent_peer_connection(struct bittorrent_connection *bittorrent,
struct bittorrent_peer *peer_info)
{
- struct uri uri;
+ struct uri *uri;
struct bittorrent_peer_connection *peer;
unsigned char port[5];
@@ -296,14 +296,15 @@ make_bittorrent_peer_connection(struct
bittorrent_connection *bittorrent,
/* FIXME: Rather change the make_connection() interface. This is an ugly
* hack. */
/* FIXME: Set the ipv6 flag iff ... */
- memset(&uri, 0, sizeof(uri));
- uri.protocol = PROTOCOL_BITTORRENT;
- uri.host = peer_info->ip;
- uri.hostlen = strlen(peer_info->ip);
- uri.port = port;
- uri.portlen = snprintf(port, sizeof(port), "%u", peer_info->port);
-
- make_connection(peer->socket, &uri, send_bittorrent_peer_handshake, 1);
+ uri = mem_calloc(1, sizeof(*uri));
+ uri->protocol = PROTOCOL_BITTORRENT;
+ uri->host = peer_info->ip;
+ uri->hostlen = strlen(peer_info->ip);
+ uri->port = port;
+ uri->portlen = snprintf(port, sizeof(port), "%u", peer_info->port);
+ uri->string = "";
+
+ make_connection(peer->socket, uri, send_bittorrent_peer_handshake, 1);
return BITTORRENT_STATE_OK;
}
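Review bot: The result of `uri = mem_calloc(1, sizeof(*uri));` is dereferenced on the very next line without a NULL check, so an allocation failure now crashes the connection setup instead of failing it; add `if (!uri) return <placeholder: the function's out-of-memory state>;` after the call (any cleanup of the already-created peer belongs before this hunk and is not visible here). The move to the heap also leaves `uri->port = port;` pointing at the `port[5]` stack array declared in the first hunk, so once make_bittorrent_peer_connection returns the uri carries a dangling pointer into the old frame — the same class of bug the patch sets out to fix — unless make_connection consumes or copies the uri synchronously, which this hunk does not show; giving the port text heap storage owned together with `uri` would close that. Separately, `sizeof(port)` is 5, so if peer_info->port can reach five digits snprintf truncates the text to four characters while still returning 5, leaving `uri->portlen` larger than the bytes actually stored. `uri->string = "";` stores a string literal in a field that done_uri apparently inspects; if that release path ever frees `uri->string`, this needs a heap copy instead. A short ownership comment above the allocation, such as `/* Heap-allocated: ownership passes to make_connection(); released via done_uri(). */`, would make the new lifetime explicit for the next reader, assuming that is indeed how it is released.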