From 0ca20a38c96ee951b8f94828cc6879e06d90b8bc Mon Sep 17 00:00:00 2001 From: arvidn Date: Fri, 26 Jul 2024 21:47:47 -0700 Subject: [PATCH] fix issue when closing a uTP connection with a close reason and picking up a nagle packet. This would corrupt the payload. --- src/utp_stream.cpp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/utp_stream.cpp b/src/utp_stream.cpp index 7798f00088d..4f0b5f3b617 100644 --- a/src/utp_stream.cpp +++ b/src/utp_stream.cpp @@ -1816,7 +1816,7 @@ bool utp_socket_impl::send_pkt(int const flags) // for non MTU-probes, use the conservative packet size int const effective_mtu = mtu_probe ? m_mtu : m_mtu_floor; - std::uint32_t const close_reason = static_cast(m_close_reason); + std::uint32_t close_reason = static_cast(m_close_reason); int sack = 0; if (m_inbuf.size()) @@ -1918,7 +1918,7 @@ bool utp_socket_impl::send_pkt(int const flags) int const packet_size = header_size + payload_size; p->size = std::uint16_t(packet_size); - p->header_size = std::uint16_t(packet_size - payload_size); + p->header_size = std::uint16_t(header_size); p->num_transmissions = 0; #if TORRENT_USE_ASSERTS p->num_fast_resend = 0; @@ -1973,6 +1973,10 @@ bool utp_socket_impl::send_pkt(int const flags) else sack = 0; + // we should not add or update a close reason extension header on a + // nagle packet. It's a bit tricky to get all the cases right. + close_reason = 0; + std::int32_t const size_left = std::min({ p->allocated - p->size , m_write_buffer_size @@ -2023,6 +2027,7 @@ bool utp_socket_impl::send_pkt(int const flags) *ptr++ = utp_no_extension; *ptr++ = 4; detail::write_uint32(close_reason, ptr); + TORRENT_ASSERT(ptr <= p->buf + p->header_size); } if (m_bytes_in_flight > 0