Hi!
I'm learning about buffer overflows! I writted a simple server, so I can see how remote buffer overflows work, but there is a problem! When recv(); recives data, the third recv(); argument specifies how much data it will recive, just like strncpy(); - how much data will be copied! Does this server is vuln. to buffer overflow's if I don't use strcpy();?
Thank you!Code:#include <stdlib.h> #include <sys/socket.h> #include <netinet/in.h> int main(){ char buffer[10]; struct sockaddr_in server; int addr_len, sock, sock_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); server.sin_family = AF_INET; server.sin_port = htons(100); server.sin_addr.s_addr = INADDR_ANY; bind(sock_fd, (struct sockaddr*)&server, sizeof(server)); listen(sock_fd, 10); while(1){ addr_len = sizeof(server); sock = accept(sock_fd, (struct sockaddr*)&server, &addr_len); while(1){ recv(sock, buffer, sizeof(buffer), 0); if(strncmp("quit", buffer, 4) == 0){ close(sock); break; } } } return 0; }
Reply With Quote