Matt Joiner
Matt Joiner
@JamieSlome I reviewed your advisory. You may disclose this vulnerability here.
I would expect a "trust" flag or something when merging torrent specs would enable things like using torrent sources. Alternatively, based on some RFC, filter access to certain IP nets/hostnames....
I don't think it's sufficient. It could be possible to attack arbitrary network locations, even on the wider internet. I think that either use of the torrent sources should be...
I still think it's a grey area, but if you're looking to get started, let's go with filtering access to local subnets unless --allow-insecure or something is passed. Include a...
@0xrishabh any update on this?
statusLine occurs while holding the client lock. This could probably be done with an atomic, but it occurs so infrequently.
It would be much better with generics here. I don't think it's performance critical enough to worry about. If we move toward using generics for this, a small PR using...
I think you might be right. I have opinions about prematurely using unsigned integers. Piece index should be made to match whatever is addressable from bencode. That probably is uint32.
There's some difficulties in avoiding cyclic dependencies here with `metainfo`, `peer_protocol`, `types` and more.
This seems particularly easy to do if file priorities are moved on to Torrent, then a value-based File works fine (it's all read-only). Otherwise you need to adjust a lot...