Hi, I noticed a bug in the BitTorrent protocol code while trying to get an ISO from http://torrents.gentoo.org/.
Here is a fix for it. 1) Before the uri was put on the stack and the access that uri later may trash the stack. 2) done_uri expects that uri->string is not NULL, so uri->string points to "". Witek
diff --git a/src/protocol/bittorrent/peerconnect.c b/src/protocol/bittorrent/peerconnect.c
index aeafbf3..3ac5baa 100644
--- a/src/protocol/bittorrent/peerconnect.c
+++ b/src/protocol/bittorrent/peerconnect.c
@@ -271,7 +271,7 @@ enum bittorrent_state
 make_bittorrent_peer_connection(struct bittorrent_connection *bittorrent,
 struct bittorrent_peer *peer_info)
 {
- struct uri uri;
+ struct uri *uri;
 struct bittorrent_peer_connection *peer;
 unsigned char port[5];

@@ -296,14 +296,15 @@ make_bittorrent_peer_connection(struct bittorrent_connection *bittorrent,
 /* FIXME: Rather change the make_connection() interface. This is an ugly
 * hack. */
 /* FIXME: Set the ipv6 flag iff ... */
- memset(&uri, 0, sizeof(uri));
- uri.protocol = PROTOCOL_BITTORRENT;
- uri.host = peer_info->ip;
- uri.hostlen = strlen(peer_info->ip);
- uri.port = port;
- uri.portlen = snprintf(port, sizeof(port), "%u", peer_info->port);
-
- make_connection(peer->socket, &uri, send_bittorrent_peer_handshake, 1);
+ uri = mem_calloc(1, sizeof(*uri));
+ uri->protocol = PROTOCOL_BITTORRENT;
+ uri->host = peer_info->ip;
+ uri->hostlen = strlen(peer_info->ip);
+ uri->port = port;
+ uri->portlen = snprintf(port, sizeof(port), "%u", peer_info->port);
+ uri->string = "";
+
+ make_connection(peer->socket, uri, send_bittorrent_peer_handshake, 1);

 return BITTORRENT_STATE_OK;
 }
_______________________________________________
elinks-dev mailing list
elinks-dev@linuxfromscratch.org
http://linuxfromscratch.org/mailman/listinfo/elinks-dev
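Review bot: `uri = mem_calloc(1, sizeof(*uri));` is dereferenced on the very next line with no NULL check; if mem_calloc() can fail the way the other ELinks allocation wrappers do, this is a null dereference under memory pressure and should bail out with an error `enum bittorrent_state` value before the first `uri->` write (`if (!uri) return ...;`). The stack-lifetime problem the patch fixes for `uri` is only half fixed: `uri->port = port;` still points at the local `port[5]` array (and `uri->host` at `peer_info->ip`), so anything that keeps `uri` after make_connection() returns holds a dangling port string, and `port[5]` can only hold four digits plus NUL, so a 16-bit port such as 65535 is truncated to "6553" while snprintf() still reports a `portlen` of 5. Copying the port text into heap memory sized for six bytes (or into the same allocation as the struct) would address both. `uri->string = "";` deserves a comment such as `/* done_uri() requires a non-NULL string; must never be mem_free()d */`, and a check that done_uri() only reads it: if done_uri() hands `uri->string` to the allocator's free, a string literal here is a free of non-heap memory. make_bittorrent_peer_connection() starts before this hunk, and whether a zero-filled uri with a zero refcount is what done_uri() expects cannot be seen from here.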