no infinite bitfield grow from malicious peers

index.js

@@ -4,6 +4,7 @@ var EventEmitter = require('events').EventEmitter
 var inherits = require('inherits')
 var Rusha = require('rusha-browserify') // Fast SHA1 (works in browser)
 
+var BITFIELD_GROW = 100000
 var PIECE_LENGTH = 16 * 1024
 
 function sha1 (buf) {
@@ -23,7 +24,11 @@ module.exports = function (metadata) {
     this._metadataSize = null
     this._remainingRejects = null // how many reject messages to tolerate before quitting
     this._fetching = false
-    this._bitfield = new BitField(0)
+
+    // The largest torrent that I know of (the Geocities archive) is ~641 GB and has
+    // ~41,000 pieces. Therefore, cap the bitfield to 100,000 bits so a malicious peer
+    // can't make it grow to fill all memory.
+    this._bitfield = new BitField(0, { grow: BITFIELD_GROW })
 
     if (Buffer.isBuffer(metadata)) {
       this._gotMetadata(metadata)
@@ -196,7 +201,8 @@ module.exports = function (metadata) {
   }
 
   ut_metadata.prototype._failedMetadata = function () {
-    this._bitfield = new BitField(0) // reset bitfield & try again
+    // reset bitfield & try again
+    this._bitfield = new BitField(0, { grow: BITFIELD_GROW })
     this._remainingRejects -= this._numPieces
     if (this._remainingRejects > 0) {
       this._requestPieces()

package.json

@@ -11,7 +11,7 @@
     "url": "https://github.com/feross/ut_metadata/issues"
   },
   "dependencies": {
-    "bitfield": "^0.2.0",
+    "bitfield": "^1.0.1",
     "bncode": "^0.5.0",
     "inherits": "^2.0.1",
     "rusha-browserify": "^0.7.3"