
some newbie questions


Hi, I just started reading "Unix Network Programming" and had a couple newbie questions. First, they give a small server program that returns the time and date. Basically, there is an infinite loop like this:

for(;;)
{
    connfd = accept(listenfd, (SA*)NULL, NULL);
    ticks = time(NULL);
    snprintf(buff, sizeof(buff), "%.24s\r\n", ctime(&ticks));
    write(connfd, buff, strlen(buff));
    close(connfd);
}

Is the point of the infinite loop just that the program is forever checking for clients making connections? I take it the "close" function just closes the connection and not the program.

The book also gave a client program that connects to the server. How does one make their computer a server? Could I run the above server program, give my friend my IP address and also give him the client program, and would he be able to connect to me provided we are both online?

The book also mentions that some networks have been broken into by causing the server to overflow its buffer. How does this work? Wouldn't the server just handle the overflow error and move on? How does this help a hacker?

Yes, the loop just loops forever, servicing one client at a time.

Your computer can turn into a server if you have a publicly visible IP address. If there is a firewall or NAT router between you and the internet (most cable and DSL "routers" are NAT these days), then your computer may not actually be visible from the internet -- that's what a firewall does, after all. For more links, see the Forum FAQ.

If someone sends more data than the other end expects, then a well written program will just deal with the error and move on. However, a sloppily written program (or one with some design or implementation mistake) may actually not detect the error, but instead let the other end overwrite random stuff on the stack. If the other end knows what software you're running, you can actually reverse-engineer the program, and write a little bit of code straight into the stack, and overwrite the return address of the receiving function, so it jumps back into the code you wrote in the stack -- letting the remote end execute arbitrary code on your computer.

For an example of poorly written code:


int do_one_packet( int socket )
{
    int size = 0;
    int err = recv( socket, &size, sizeof( size ), 0 ); // receive packet size
    if( err < 0 ) return -1;
    char packet[512]; // our protocol will never use packets larger than 512 bytes
    // *** insert fix here
    int err2 = recv( socket, packet, size, 0 );
    if( err2 < 0 ) return -1;
    return handle_packet( packet, size );
}


This code will allow a buffer overwrite in the second recv(), because if someone sends more than 256 bytes (with the appropriate length), then the "packet" buffer will be overflowed, and whatever else is on the stack (i.e., the return address, etc.) will be overwritten.

To fix this particular problem, you'd probably insert the following line at the three asterisks:


if( size > 512 || size < 0 ) return handle_out_of_sync();


Because a "size" that's bigger than 512 means that the other end isn't speaking the same protocol you are (or there's a bug somewhere, or someone's being malicious). (In the protocol, you'd probably also make the size field unsigned).

Note that the first version of the fixed code I wrote didn't test for size<0 -- thus still opening itself up for a potential buffer overrun, although most kernels actually will do sufficient error checking to not let that call through. Some might not, though. See how easy it is to slip in a potential buffer overflow?

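The length check from the answer above, carried into a complete receiver and exercised against well-formed, oversized, negative and truncated inputs. This is an added example, not code from the original thread; the names recv_all, recv_packet, demo and the error codes are assumptions, and a local socketpair stands in for the remote peer.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_PACKET 512   /* same limit as packet[] in the post */
#define ERR_IO   (-1)    /* socket error, or peer closed before all bytes arrived */
#define ERR_SYNC (-2)    /* length field outside what the protocol allows */

/* recv() may return fewer bytes than requested; loop until all have arrived. */
static int recv_all(int fd, void *buf, size_t len)
{
    char *p = buf;
    while (len > 0) {
        ssize_t n = recv(fd, p, len, 0);
        if (n <= 0) return ERR_IO;      /* 0 means the peer closed */
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Validate the peer-supplied length before it is ever used as a recv() size. */
int recv_packet(int fd, char *packet, size_t cap)
{
    int32_t size = 0;                   /* host byte order, as in the post */
    if (recv_all(fd, &size, sizeof size) < 0) return ERR_IO;
    if (size < 0 || (size_t)size > cap) return ERR_SYNC;
    if (recv_all(fd, packet, (size_t)size) < 0) return ERR_IO;
    return (int)size;
}

/* Constructed harness: one end of a socketpair sends, then hangs up. */
int demo(int32_t claimed, const void *payload, size_t len)
{
    int sv[2];
    char packet[MAX_PACKET];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return ERR_IO;
    send(sv[0], &claimed, sizeof claimed, 0);
    send(sv[0], payload, len, 0);
    close(sv[0]);
    int rc = recv_packet(sv[1], packet, sizeof packet);
    close(sv[1]);
    return rc;
}

int main(void)
{
    printf("%d %d %d\n", demo(5, "hello", 5), demo(600, "x", 1), demo(-1, "x", 1));
    return 0;
}
```

The negative case matters because a signed length passed to recv() is converted to a very large size_t, which is the gap the answer describes in its first version of the fix.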
Thanks for the reply.

Quote:

Your computer can turn into a server if you have a publicly visible IP address. If there is a firewall or NAT router between you and the internet (most cable and DSL "routers" are NAT these days), then your computer may not actually be visible from the internet -- that's what a firewall does, after all. For more links, see the Forum FAQ.


Okay I saw you can rent servers. For testing/debugging purposes, would it work to run the server program on your own PC, and then just specify your own IP address and run the client program from your own PC also?

Yes, that will work. You may also be able to set up port forwarding or a DMZ on your router to make your PC visible from the greater Internet.

Quote:
Original post by Quat
Thanks for the reply.

Quote:

Your computer can turn into a server if you have a publicly visible IP address. If there is a firewall or NAT router between you and the internet (most cable and DSL "routers" are NAT these days), then your computer may not actually be visible from the internet -- that's what a firewall does, after all. For more links, see the Forum FAQ.


Okay I saw you can rent servers. For testing/debugging purposes, would it work to run the server program on your own PC, and then just specify your own IP address and run the client program from your own PC also?


Use the address 127.0.0.1 for testing. It will always connect to your own computer; it's called the loopback address.
