From 0ce5a4c66435b6e7ff77c2d6a5d1a199c5be7379 Mon Sep 17 00:00:00 2001 From: arvidn Date: Mon, 23 May 2016 22:46:46 -0400 Subject: [PATCH] improve robustness in natpmp code a bit --- include/libtorrent/natpmp.hpp | 8 ++++---- src/natpmp.cpp | 10 ++++++---- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/include/libtorrent/natpmp.hpp b/include/libtorrent/natpmp.hpp index f4b2be886..cc1a2a710 100644 --- a/include/libtorrent/natpmp.hpp +++ b/include/libtorrent/natpmp.hpp @@ -133,7 +133,7 @@ private: log_callback_t m_log_callback; std::vector m_mappings; - + // the endpoint to the nat router udp::endpoint m_nat_endpoint; @@ -145,7 +145,7 @@ private: // current retry count int m_retry_count; - // used to receive responses in + // used to receive responses in char m_response_buffer[16]; // router external IP address @@ -153,7 +153,7 @@ private: // the endpoint we received the message from udp::endpoint m_remote; - + // the udp socket used to communicate // with the NAT router udp::socket m_socket; @@ -167,7 +167,7 @@ private: // the mapping index that will expire next int m_next_refresh; - + bool m_disabled; bool m_abort; diff --git a/src/natpmp.cpp b/src/natpmp.cpp index 44d4e4e94..e107fa985 100644 --- a/src/natpmp.cpp +++ b/src/natpmp.cpp @@ -127,7 +127,8 @@ void natpmp::start() #if defined TORRENT_ASIO_DEBUGGING add_outstanding_async("natpmp::on_reply"); #endif - m_socket.async_receive_from(boost::asio::buffer(&m_response_buffer, 16) + m_socket.async_receive_from(boost::asio::buffer(&m_response_buffer[0] + , sizeof(m_response_buffer)) , m_remote, boost::bind(&natpmp::on_reply, self(), _1, _2)); send_get_ip_address_request(l); @@ -433,10 +434,11 @@ void natpmp::on_reply(error_code const& e #endif // make a copy of the response packet buffer // to avoid overwriting it in the next receive call - char msg_buf[16]; + char msg_buf[sizeof(m_response_buffer)]; memcpy(msg_buf, m_response_buffer, bytes_transferred); - m_socket.async_receive_from(boost::asio::buffer(&m_response_buffer, 16) + m_socket.async_receive_from(boost::asio::buffer(&m_response_buffer[0] + , sizeof(m_response_buffer)) , m_remote, boost::bind(&natpmp::on_reply, self(), _1, _2)); // simulate packet loss @@ -485,7 +487,7 @@ void natpmp::on_reply(error_code const& e } - if (bytes_transferred < 16) + if (bytes_transferred != 16) { char msg[200]; snprintf(msg, sizeof(msg), "received packet of invalid size: %d", int(bytes_transferred));