Abstract: BitTorrent, a peer-to-peer file sharing system, employs Bencode as encoding schema for storing and transmitting loosely structured data. The widely-used recursive implementation of Bencode, however, makes BitTorrent vulnerable, a specially-designed torrent file or BitTorrent message leads to stack-overflow of BitTorrent clients. Experimental results suggest that about 39.1% BitTorrent clients, such as Xunlei（MiniXunlei）, BitSpirit, BitComet, FlashGet, and TuoTu, are vulnerable to this remote crash attack. Things are worse since this attack is very efficient and can be easily launched at three stages of BitTorrent protocol. In this paper, a solution is also proposed to solve this problem.

Key words: BitTorrent system, Bencode, stack-overflow, remote crash

摘要： Bittorrent（BT）作为一种流行的P2P文件共享系统，其torrent文件以及扩展协议中的相关消息都是采用Bencode的编码方式。最初的Bittorrent系统是用python实现的，其中的Bencode编解码采用了递归的方式，后续的很多BT客户端实现都直接拷贝了这种方式。这就为针对Bencode编码实现的攻击提供了可能。首先构造了有一定递归深度的torrent文件以及扩展协议中的消息，实验发现对当前主流的BT客户端：比特精灵、迅雷（迷你迅雷）、比特彗星、FlashGet和TuoTu都会造成系统的崩溃。根据上述BT客户端的占有率，可知此种攻击全球覆盖率可达39.1%，对国内会达到70%以上。这是一种很有效的针对torrent以及swarm的攻击手段。最后给出此种攻击手段的防御手段。

关键词: BitTorrent系统, Bencode编码, 堆栈溢出, 远程攻击