Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix theWebUI.getTrackerName to reject invalid announcelist items #2641

Merged
merged 1 commit into from
Mar 16, 2024
Merged

Fix theWebUI.getTrackerName to reject invalid announcelist items #2641

merged 1 commit into from
Mar 16, 2024

Conversation

anthonyryan1
Copy link
Contributor

@anthonyryan1 anthonyryan1 commented Mar 12, 2024
edited
Loading

In public trackers with long announce-lists, there can be a rather large number of valid and invalid trackers. Examples of trackers seen in the wild include "0", "announce", "dht" (rather than "dht://") which rtorrent discards as invalid.

The regex already had a group checking for the division between protocol and domain "://" but it was marked as optional.

By making it mandatory so that malformed announce urls are skipped as expected, we can parse invalid names without errors.

Without this fix, the trackerlabels plugin stops working if any torrent contains a seriously malformed domain.

These lines demonstrate the problem:

announce = "dht";
// Note this is the old regex
parts = announce.match(/^(?:([^:\/?#]+):)?(?:\/\/((?:(([^:@]*):?([^:@]*))?@)?([^:\/?#]*)(?::(\d*))?))?((((?:[^?#\/]*\/)*)([^?#]*))(?:\?([^#]*))?(?:#(.*))?)/);
if(parts && (parts.length>6))
{
	domain = parts[6];
	// Error "domain is undefined", because parts[6] was undefined
	domain.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
}

@anthonyryan1
Fix theWebUI.getTrackerName to reject invalid announcelist items
4bcaa55 
In public trackers with long announce-lists, there can be a rather
large number of valid and invalid trackers. Examples of trackers
seen in the wild include "0", "announce", "dht" (rather than "dht://")
which rtorrent discards as invalid.

The regex already had a group checking for the division between
protocol and domain "://" but it was marked as optional.

By making it mandatory so that malformed announce urls are skipped
as expected, we can parse invalid names without errors.

Without this fix, the trackerlabels plugin stops working if any
torrent contains a seriously malformed domain.

These lines demonstrate the problem:

```js
announce = "dht";
// Note this is the old regex
parts = announce.match(/^(?:([^:\/?#]+):)?(?:\/\/((?:(([^:@]*):?([^:@]*))?@)?([^:\/?#]*)(?::(\d*))?))?((((?:[^?#\/]*\/)*)([^?#]*))(?:\?([^#]*))?(?:#(.*))?)/);
if(parts && (parts.length>6))
{
	domain = parts[6];
	// Error "domain is undefined", because parts[6] was undefined
	domain.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
}
```
@stickz stickz merged commit 0f97dc6 into Novik:develop Mar 16, 2024
@stickz
Copy link
Collaborator

stickz commented Mar 16, 2024

LTGM. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@anthonyryan1 @stickz