You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At the begining of krpc.go:handleRequest(), several unchecked type assertions are made to the values of the parsed bencoded udp packet.
(line 428) t := response["t"].(string)
(line 445) id := a["id"].(string)
... and others ...
An illegal packet that contains a bencode integer instead of a string in the id field would trigger a panic because the type assertion is not checked and recover() is not used. Therefore a malicious packet can crash the process.
I don't know how much of a problem this is though.
The text was updated successfully, but these errors were encountered:
At the begining of
krpc.go:handleRequest(), several unchecked type assertions are made to the values of the parsed bencoded udp packet.(line 428)
t := response["t"].(string)(line 445)
id := a["id"].(string)... and others ...
An illegal packet that contains a bencode integer instead of a string in the
idfield would trigger a panic because the type assertion is not checked and recover() is not used. Therefore a malicious packet can crash the process.I don't know how much of a problem this is though.
The text was updated successfully, but these errors were encountered: