DC++ 0.75 and older vulnerable to bzip2 filelist bomb

DC++ 0.75 and earlier can be remotely crashed via bzip2-compressed filelists (example filelist) or hublists, which are themselves compressed with bzip2. Such list downloads can be triggered by the client's automatic searches for alternate sources, so no explicit user action is needed [1]. Not every client seems to crash; the precise dependence on operating system or other factors remains unclear. However, crashes have been observed on both Windows XP and Windows 7.

As before, updating network-facing software remains important. Equally important, DC++ mod authors should update in a timely manner to avoid exposing their users to this bug.

[1] To catch a large number of clients in a hub in a relatively short period of time with no manual intervention, listen for searches (especially TTH searches) and always respond positively, such that clients try autosearching for alternate sources. Other tricks are possible as well, of course.
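For client and mod authors handling bzip2 lists from untrusted peers, the sketch below shows bounded streaming decompression. It is an added example, not code from DC++ or from the original post; the 64 MiB cap and the names `decompress_bounded`, `ListTooLarge`, `MAX_LIST_BYTES` and `STEP` are assumptions chosen for illustration.

```python
import bz2

MAX_LIST_BYTES = 64 * 1024 * 1024  # assumed policy cap on the decompressed list
STEP = 64 * 1024                   # most output accepted per decompress() call


class ListTooLarge(Exception):
    """Decompressed output exceeded the configured cap."""


def decompress_bounded(chunks, sink, max_out=MAX_LIST_BYTES, step=STEP):
    """Stream bzip2 `chunks` (iterable of bytes) into sink(bytes).

    Output is handed over at most `step` bytes at a time, so the whole list
    is never held in memory, and the transfer is abandoned once more than
    `max_out` bytes have come out. Returns the number of decompressed bytes.
    """
    dec = bz2.BZ2Decompressor()
    total = 0
    for chunk in chunks:
        data = chunk
        while not dec.eof:
            out = dec.decompress(data, max_length=step)
            data = b""  # remaining input is buffered inside the decompressor
            total += len(out)
            if total > max_out:
                raise ListTooLarge(f"more than {max_out} bytes decompressed")
            if out:
                sink(out)
            if dec.needs_input:
                break
        if dec.eof:
            break  # ignore anything after the end-of-stream marker
    if not dec.eof:
        raise ValueError("truncated bzip2 stream")
    return total


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zero bytes, not the list linked in the post.
    bomb = bz2.compress(b"\0" * (8 * 1024 * 1024))
    print(f"{len(bomb)} compressed bytes")
    try:
        decompress_bounded([bomb], lambda b: None, max_out=1024 * 1024)
    except ListTooLarge as exc:
        print("rejected:", exc)
```

The cap is checked on decompressed output rather than on the size of the download, because a few hundred compressed bytes can expand to many megabytes.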

2 Responses to DC++ 0.75 and older vulnerable to bzip2 filelist bomb

  1. djoffset says:

    http://msdn.microsoft.com/en-us/magazine/cc300794.aspx#fig1

    The example filelist is 1GB large, and on a 32-bit Windows OS each process has a maximum of 2GB memory allocated for a process. Hitting that limit will certainly crash DC++.

    • poy says:

      would crash old DC++, but recent ones have fixed this: the file list is never fully loaded into memory, it is instead read as a stream.
