From 03798c1c0ddfbbf7e738649369c68717585a3af4 Mon Sep 17 00:00:00 2001
From: Feross Aboukhadijeh <feross@feross.org>
Date: Sat, 19 Apr 2014 18:12:44 -0700
Subject: [PATCH] no infinite bitfield grow from malicious peers

---
 index.js     | 10 ++++++++--
 package.json |  2 +-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/index.js b/index.js
index 4c96881..551fa3c 100644
--- a/index.js
+++ b/index.js
@@ -4,6 +4,7 @@ var EventEmitter = require('events').EventEmitter
 var inherits = require('inherits')
 var Rusha = require('rusha-browserify') // Fast SHA1 (works in browser)
 
+var BITFIELD_GROW = 100000
 var PIECE_LENGTH = 16 * 1024
 
 function sha1 (buf) {
@@ -23,7 +24,11 @@ module.exports = function (metadata) {
     this._metadataSize = null
     this._remainingRejects = null // how many reject messages to tolerate before quitting
     this._fetching = false
-    this._bitfield = new BitField(0)
+
+    // The largest torrent that I know of (the Geocities archive) is ~641 GB and has
+    // ~41,000 pieces. Therefore, cap the bitfield to 100,000 bits so a malicious peer
+    // can't make it grow to fill all memory.
+    this._bitfield = new BitField(0, { grow: BITFIELD_GROW })
 
     if (Buffer.isBuffer(metadata)) {
       this._gotMetadata(metadata)
@@ -196,7 +201,8 @@ module.exports = function (metadata) {
   }
 
   ut_metadata.prototype._failedMetadata = function () {
-    this._bitfield = new BitField(0) // reset bitfield & try again
+    // reset bitfield & try again
+    this._bitfield = new BitField(0, { grow: BITFIELD_GROW })
     this._remainingRejects -= this._numPieces
     if (this._remainingRejects > 0) {
       this._requestPieces()
diff --git a/package.json b/package.json
index dae73d2..2a98a24 100644
--- a/package.json
+++ b/package.json
@@ -11,7 +11,7 @@
     "url": "https://github.com/feross/ut_metadata/issues"
   },
   "dependencies": {
-    "bitfield": "^0.2.0",
+    "bitfield": "^1.0.1",
     "bncode": "^0.5.0",
     "inherits": "^2.0.1",
     "rusha-browserify": "^0.7.3"