Buffer overflow rtorrent 0.9.8

[pandamasta]

Hello,

My rtorrent client crash sporadicaly on Debian 12

rtorrent -h
Rakshasa's BitTorrent client version 0.9.8.

Caught internal_error: Handshake::fill_read_buffer(...) Buffer overflow.
/lib/x86_64-linux-gnu/libtorrent.so.21(_ZN7torrent14internal_error10initializeERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE+0x250) [0x749740bd6c80]
rtorrent(_ZN7torrent14internal_errorC1EPKc+0xaf) [0x6059a2de2f8f]
/lib/x86_64-linux-gnu/libtorrent.so.21(+0x379ba) [0x749740bcc9ba]
/lib/x86_64-linux-gnu/libtorrent.so.21(+0xa9afa) [0x749740c3eafa]
/lib/x86_64-linux-gnu/libtorrent.so.21(_ZN7torrent9PollEPoll7performEv+0xca) [0x749740bdfd3a]
/lib/x86_64-linux-gnu/libtorrent.so.21(_ZN7torrent11thread_base10event_loopEPS0_+0x115) [0x749740c0d195]
rtorrent(+0x41a4e) [0x6059a2d7aa4e]
/lib/x86_64-linux-gnu/libc.so.6(+0x2724a) [0x74974064624a]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x85) [0x749740646305]
rtorrent(+0x422da) [0x6059a2d7b2da]

Please let me know how can I help on this by providing more helpful trace

Regards

[rakshasa]

Can you compile libtorrent/rtorrent from master branch?

[Abasz]

I tried to compile master branch but I am not able to complete the configure because I get the following error:

.in'ig.status: error: cannot find input file: `

EDIT: I was able to solve the .in'ig status issue. It turns out that for some reason the line endings on my Ubuntu 24.04 had to be fixed... after running dos2unix on the configure.ac it is able to do the configuration.

However, now when compiling I get a lot of errors like here: https://github.com/rakshasa/rtorrent/issues/1273

Though I think libtorrent is correctly compiled and installed.

[Abasz]

Ok, after some trial error I was able to compile. libtorrent was not installed correctly. Actually my struggle was that I installed from official ubuntu PPA a version of rtorrent that got conflicted. So after I removed every trace of rtorrent, and recompiled everything in order all worked.

Just a side note: for some reason I had to run dos2unix on every automake/autoconfig file (otherwise I was getting random autoconf errors). I used the following commands from the rtorrent/libtorrent directory:

find . -name \*.m4|xargs dos2unix
find . -name \*.ac|xargs dos2unix
find . -name \*.am|xargs dos2unix

after that atuoreconf -vif worked.

[pandamasta]

Hello,

So please follow what I did to build libtorrent and rtorrent. I guess I use the last libtorrent and rtorrent

It's my first build like that so any feedback are welcome :)

i'm waiting the next crash (if it's happen)

*** rTorrent 0.9.8/0.13.8 ***

Prepare working directory and dependancy

mkdir -p ~/rtorrent_build/{libtorrent_install,rtorrent_install}

sudo apt-get update
sudo apt-get install build-essential pkg-config libtool automake libssl-dev libcurl4-openssl-dev libxmlrpc-c++8-dev libxmlrpc-core-c3-dev libncurses5-dev libncursesw5-dev

Build libtorrent

cd ~/rtorrent_build
git clone https://github.com/rakshasa/libtorrent.git
cd libtorrent

autoreconf -i
./configure --prefix=$HOME/rtorrent_build/libtorrent_install
make
make install

Build rtorrent

cd ~/rtorrent_build
git clone https://github.com/rakshasa/rtorrent.git
cd rtorrent

Configure rTorrent with support of libtorrent and xmlrpc-c

export CFLAGS="-I$HOME/rtorrent_build/libtorrent_install/include"
export LDFLAGS="-L$HOME/rtorrent_build/libtorrent_install/lib"
export PKG_CONFIG_PATH=$HOME/rtorrent_build/libtorrent_install/lib/pkgconfig:$PKG_CONFIG_PATH

autoreconf -i

./configure --prefix=$HOME/rtorrent_build/rtorrent_install --with-xmlrpc-c

make
make install

Use compiled version of libtorrent and rtorrent

export PATH=$HOME/rtorrent_build/rtorrent_install/bin:$PATH
export LD_LIBRARY_PATH=$HOME/rtorrent_build/libtorrent_install/lib:$LD_LIBRARY_PATH
export PKG_CONFIG_PATH=$HOME/rtorrent_build/libtorrent_install/lib/pkgconfig:$PKG_CONFIG_PATH

Ensure the compiled version is prioretized

which rtorrent
~/rtorrent_build/rtorrent_install/bin/rtorrent

ldd ~/rtorrent_build/rtorrent_install/bin/rtorrent | grep libtorrent
        libtorrent.so.21 => ~/rtorrent_build/libtorrent_install/lib/libtorrent.so.21 (0x000071ca0415b000)

[pandamasta]

Hello;

I crash again. How could I proceed to spot this segfault in the code ?

Caught internal_error: Handshake::fill_read_buffer(...) Buffer overflow.
/home/rtorrent_build/libtorrent_install/lib/libtorrent.so.21(_ZN7torrent14internal_error10initializeERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE+0x5f) [0x7520c31b820f]
rtorrent(_ZN7torrent14internal_errorC1EPKc+0x76) [0x58ae228c7f46]
/home/rtorrent_build/libtorrent_install/lib/libtorrent.so.21(+0x3c9c6) [0x7520c31839c6]
/home/rtorrent_build/libtorrent_install/lib/libtorrent.so.21(+0xaee3c) [0x7520c31f5e3c]
/home/rtorrent_build/libtorrent_install/lib/libtorrent.so.21(_ZN7torrent9PollEPoll7performEv+0xca) [0x7520c31bf11a]
/home/rtorrent_build/libtorrent_install/lib/libtorrent.so.21(_ZN7torrent11thread_base10event_loopEPS0_+0x12a) [0x7520c31b46aa]
rtorrent(+0x38ab5) [0x58ae228c0ab5]
/lib/x86_64-linux-gnu/libc.so.6(+0x2724a) [0x7520c2c4624a]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x85) [0x7520c2c46305]
rtorrent(+0x393e1) [0x58ae228c13e1]

[Abasz]

So I experienced this issue only on Ubuntu 24.04.01 (i.e. Noble).

Based on this issue report: https://bugs.launchpad.net/ubuntu/+source/rtorrent/+bug/2063110 together with some debug logging I traced the issue down to this line: https://github.com/rakshasa/rtorrent/blob/d067bd802e44f0e6a747aabcc311ada2175fd550/src/utils/lockfile.cc#L101

Which was of course a slight reinventing of the wheel as this fas fixed in this commit: https://github.com/rakshasa/rtorrent/commit/92bec88d0904bfb31c808085c2fd0f22d0ec8db7

So if you compile latest master correctly I think your issue should be resolved.