Monday, March 13, 2006 9:00 PM
rsamona
Spot the Bug - March 13, 2006
It seems like more and more developers are making security mistakes when dealing with sockets. See if you can Spot the Bug.
void Socket_Setup(void)
{
WORD wVersionRequested;
WSADATA wsaData;
wVersionRequested = MAKEWORD( 2, 2 );
::WSAStartup(wVersionRequested, &wsaData);
SOCKET sTCPServer = ::socket(AF_INET, SOCK_STREAM, 0);
struct sockaddr_in saTCPServAddr;
saTCPServAddr.sin_family = AF_INET;
saTCPServAddr.sin_addr.S_un.S_addr = ::htonl(INADDR_ANY);
saTCPServAddr.sin_port = ::htons(5678);
int len = sizeof(saTCPServAddr);
int iFail =::bind(sTCPServer, (struct sockaddr*)&saTCPServAddr, len);
DWORD dwErr;
if(0 != iFail)
{
dwErr = ::WSAGetLastError();
printf("\n\t Error occured.\n");
return;
}
iFail = ::listen(sTCPServer, 2);
struct sockaddr_in saClient;
int iClsize = sizeof(saClient);
SOCKET sClient = ::accept(sTCPServer, (struct sockaddr*)&saClient ,&iClsize);
char strData[1024];
::recv(sClient, strData, 1024, 0);
printf("\n\nRealServer--Data from client --- %s ---", strData);
::shutdown(sTCPServer, SD_BOTH);
::WSACleanup();
return;
}
