Recent Posts

Archives

Topics


« | Main | »

Review-A-Tracker-Team

By erdgeist | December 11, 2007

Six days ago – on December 5th – opentracker celebrated its first birthday, just two days before officially becoming the tracker handling most tracker requests on earth. During that year openracker already handled several billions http connections in what can only be described as the hardest fuzzing attack ever done to a software (:

However, becoming so huge and being so exposed brings its risks. opentracker is written in plain C and handles strings. Strings that have been sent through the internet. So we kindly ask the community to help us make the code more secure by reviewing critical parts of it. Especially the part that parses URIs is a natural point to start looking into.

So if you are experienced in C, serious about helping to review or just need some explanation on opentrackers rougher edges, feel free to contact us at code@denis.stalker.h3q.com. We do also appreciate patches that fix bugs and warnings on operating systems we have not tested opentracker on and source packages for certain package distribution systems.

Topics: coding, tech | 3 Comments »

3 Responses to “Review-A-Tracker-Team”

  1. Astro Says:
    December 11th, 2007 at 10:09 pm

    Do you have a test suite or simple client for quick modification? Do you welcome patches for v6 support?

  2. erdgeist Says:
    December 12th, 2007 at 12:45 am

    There is a simple script that fills my tracker, when -DWANT_IP_FROM_QUERY_STRING is enabled. You can find it here:

    https://erdgeist.org/cvsweb/opentracker/tests/testsuite.sh

    Patches for v6 are welcome as soon as there is a sane specification when to deliver v6 peers to whom and a compact-format that supports v6. The way v6 support currently is expected to work plainly sucks. I will write a blog update that addresses v6 support, soon.

  3. 婚紗攝影 Says:
    May 19th, 2008 at 11:42 am

    The way v6 support currently is expected to work plainly sucks.