Socket in C: recv overwrite a char[]
Posted
by Possa
on Stack Overflow
See other posts from Stack Overflow
or by Possa
Published on 2010-05-26T09:01:45Z
Indexed on
2010/05/26
9:21 UTC
Read the original article
Hit count: 389
Hi all,
I'm trying to make a little client-server script like many others that I've done in the past.
But in this one I have a problem. It is better if I post the code and the output it give me.
Code:
#include <mysql.h> //not important now
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <string.h>
//constant definition
#define SERVER_PORT 2121
#define LINESIZE 21
//global var definition
char victim_ip[LINESIZE], file_write[LINESIZE], hacker_ip[LINESIZE];
//function
void leggi (int); //not use now for debugging purpose
//void scriviDB (); //not important now
main () {
int sock, client_len, fd;
struct sockaddr_in server, client;
// transport end point
if((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
perror("system call socket fail");
exit(1);
}
server.sin_family = AF_INET;
server.sin_addr.s_addr = inet_addr("10.10.10.1");
server.sin_port = htons(SERVER_PORT);
// binding address at transport end point
if (bind(sock, (struct sockaddr *)&server, sizeof server) == -1) {
perror("system call bind fail");
exit(1);
}
//fprintf(stderr, "Server open: listening.\n");
listen(sock, 5);
/* managae client connection */
while (1) {
client_len = sizeof(client);
if ((fd = accept(sock, (struct sockaddr *)&client, &client_len)) < 0)
{ perror("accepting connection"); exit(1); }
strcpy(hacker_ip, inet_ntoa(client.sin_addr));
printf("1 %s\n", hacker_ip); //debugging purpose
//leggi(fd);
//////////////////////////
//receive client
recv(fd, victim_ip, LINESIZE, 0);
victim_ip[sizeof(victim_ip)] = '\0';
printf("2 %s\n", hacker_ip); //debugging purpose
recv(fd, file_write, LINESIZE, 0);
file_write[sizeof(file_write)] = '\0';
printf("3 %s\n", hacker_ip); //debugging purpose
printf("%s@%s for %s\n", file_write, victim_ip, hacker_ip);
//send to client
send(fd, hacker_ip, 40, 0); //now is hacker_ip for debug
/////////////////////////
close(fd);
}//end while
exit(0);
} //end main
Client send string: ./send -i 10.10.10.4 -f filename.ext
so the script send -i (IP) and -f (FILE) at the server.
Here's my output server side:
1 10.10.10.6
2 10.10.10.6
3
[email protected] for
As you can see the printf(3) and the printf(ip,file,ip) fail.
I don't know how and where but someone overwrite my hacker_ip string.
Thanks for your help! :)
© Stack Overflow or respective owner
