search

rakshasa / rtorrent

rTorrent BitTorrent client
https://github.com/rakshasa/rtorrent/wiki
GNU General Public License v2.0
4.07k stars 408 forks source link

rtorrent crahes upon invalid XMLRPC logic #854

Open lps-rocks opened 5 years ago

lps-rocks commented 5 years ago

rTorrent can be crashed by sending invalid logic through XMLRPC interface. Issuing a d.multicall with an f. parameter causes rTorrent to crash unconditionally. XMLRPC commands should never cause a crash. They should be handled gracefully and an error returned to the connecting client. using python xmlrpc.client library

import xmlrpc.client
server = xmlrpc.client.ServerProxy("http://127.0.0.1/rutorrent/plugins/rpc/rpc.php")
server.d.multicall("", "d.hash=", "d.is_multi_file=", "f.get_path=")

results in rTorrent crashing with

terminate called after throwing an instance of 'std::logic_error'
what():  basic_string::_M_construct null not valid
Aborted
kannibalox commented 11 months ago

It turns out you could do the same crash with just rtxmlrpc f.path <hash>, looks like the target type check for files isn't actually using the template like the other targets.