←back to thread

Resurrecting a dead torrent tracker and finding 3M peers

(kianbradley.com)
655 points k-ian | 1 comments | 17 Jun 25 17:40 UTC | HN request time: 0.303s | source
Show context
nneonneo ◴[17 Jun 25 19:20 UTC] No.44302842[source]
Now I'm wondering: with the wide range of bittorrent clients out there, and the fact that many are written in unsafe languages, could it be possible for some of them to be exploited through a malicious tracker? It would not surprise me if some of these clients misbehave if fed malformed data from a tracker.
replies(7): >>44304020 #>>44304055 #>>44304380 #>>44305278 #>>44305546 #>>44306010 #>>44306382 #
1. asa400 ◴[17 Jun 25 21:13 UTC] No.44304020[source]
I've written hobby-quality clients and I think the answer is yes. First, you're dealing with input from a server you don't control, and second, you're doing quite a bit of interaction with the filesystem. It's hard enough to write a functional client in a memory safe language, getting it correct in C or C++ is bound to be pretty tough.