Spot the Bug - March 13, 2006

rsamona — Tue, 14 Mar 2006 07:00:00 GMT

It seems like more and more developers are making security mistakes when dealing with sockets. See if you can Spot the Bug.

void Socket_Setup(void)
{
WORD wVersionRequested;
WSADATA wsaData;
wVersionRequested = MAKEWORD( 2, 2 );
::WSAStartup(wVersionRequested, &wsaData);

SOCKET sTCPServer = ::socket(AF_INET, SOCK_STREAM, 0);
struct sockaddr_in saTCPServAddr;
saTCPServAddr.sin_family = AF_INET;
saTCPServAddr.sin_addr.S_un.S_addr = ::htonl(INADDR_ANY);
saTCPServAddr.sin_port = ::htons(5678);
int len = sizeof(saTCPServAddr);

int iFail =::bind(sTCPServer, (struct sockaddr*)&saTCPServAddr, len);
DWORD dwErr;
if(0 != iFail)
{
    dwErr = ::WSAGetLastError();
    printf("\n\t Error occured.\n");
    return;
}

iFail = ::listen(sTCPServer, 2);

struct sockaddr_in saClient;
int iClsize = sizeof(saClient);
SOCKET sClient = ::accept(sTCPServer, (struct sockaddr*)&saClient ,&iClsize);

char strData[1024];
::recv(sClient, strData, 1024, 0);

printf("\n\nRealServer--Data from client --- %s ---", strData);

::shutdown(sTCPServer, SD_BOTH);

::WSACleanup();

return;
}

Spot the Bug! : Spot the Bug

Spot the Bug - March 13, 2006