Changeset 10022


Ignore:
Timestamp:
Jan 26, 2010, 8:38:04 PM (12 years ago)
Author:
charles
Message:

(trunk libT) #2800 "crashing during operation" -- if a peer sends an out-of-bounds "have piece" message, drop the connection

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/libtransmission/peer-msgs.c

    r10019 r10022  
    14261426            tr_peerIoReadUint32( msgs->peer->io, inbuf, &ui32 );
    14271427            dbgmsg( msgs, "got Have: %u", ui32 );
    1428             if( tr_bitsetAdd( &msgs->peer->have, ui32 ) ) {
     1428            if( tr_torrentHasMetadata( msgs->torrent )
     1429                    && ( ui32 >= msgs->torrent->info.pieceCount ) )
     1430            {
     1431                fireError( msgs, ERANGE );
     1432                return READ_ERR;
     1433            }
     1434            if( tr_bitsetAdd( &msgs->peer->have, ui32 ) )
     1435            {
    14291436                fireError( msgs, ERANGE );
    14301437                return READ_ERR;
Note: See TracChangeset for help on using the changeset viewer.