Comment by jorkingit

2 days ago

Great work! Just an FYI, you might want to limit the dynamic allocation size in the bencode decoder: since it's untrusted input (either from torrent or announce), a malicious input could DoS the client by requesting extremely large allocations during string parsing. A good upper bound could be the remaining length of the input, as a well formed torrent can't contain a string longer than the rest of the file.

2 comments

jorkingit

Reply
piyushgupta53  2 days ago

thanks for pointing this out. I've added this in my to-dos.

  • indrora  2 days ago

    You might look into (if you only care about reading it) writing the bencode decoder using Kaitai Struct [0] to avoid some of the common pitfalls.

    [0]: kaitai.io