```cpp
recv(_clt_sock_fd, buf, 1024, 0);
std::cout << buf << std::endl;
if (strcmp(buf, "Hello from svr!") == 0) {
```
This kind of code could lead to a buffer overflow:
There is no guarantee that `recv` will null terminate `buf`, so `strcmp` could read past the end of the array.
`recv` returns how many bytes it returns; use that value for `strncmp`. The `cout << buf` is also problematic. You need to check the result of `recv` before doing either operation.
I don't know if you are avoiding using libraries, but Boost has a nice C++ abstraction for sockets, which would be much more readable and help you avoid these types of things.
Since you are writing a server, this kind of bug in the server could easily turn into a security vulnerability.
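An added example, not code from the issue or the project, of the handling the report asks for: check the result of `recv` first, then compare and print using only the byte count it returned. The names `RecvStatus`, `check_greeting` and `demo`, and the local `socketpair` standing in for the client/server connection, are assumptions made for illustration.

```cpp
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
#include <iostream>
#include <string>

enum class RecvStatus { Match, Mismatch, Closed, Error };

// Hypothetical helper: reads one chunk from fd and compares it to the greeting
// using the length recv() reported, never relying on a NUL terminator in buf.
RecvStatus check_greeting(int fd) {
    static const std::string kGreeting = "Hello from svr!";
    char buf[1024];
    ssize_t n = recv(fd, buf, sizeof buf, 0);
    if (n < 0) return RecvStatus::Error;    // buf contents are indeterminate
    if (n == 0) return RecvStatus::Closed;  // peer shut down, nothing was read
    std::string msg(buf, static_cast<size_t>(n));  // exactly the n valid bytes
    // Length-bounded print: stops at n bytes even if no '\0' was received.
    std::cout.write(msg.data(), static_cast<std::streamsize>(msg.size()));
    std::cout << '\n';
    // Tolerate a sender that counted the trailing '\0' in its send() length.
    if (msg.back() == '\0') msg.pop_back();
    // Whole-message equality, so "Hello from svr!EXTRA" does not pass.
    // A stream socket may also deliver a message in pieces; a real protocol
    // needs framing (length prefix or delimiter) on top of this check.
    return msg == kGreeting ? RecvStatus::Match : RecvStatus::Mismatch;
}

// Constructed demo input: sends payload over a local socketpair, or closes
// the sending end without writing when close_peer is true.
RecvStatus demo(const std::string& payload, bool close_peer = false) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return RecvStatus::Error;
    if (close_peer) close(sv[0]);
    else send(sv[0], payload.data(), payload.size(), 0);
    RecvStatus r = check_greeting(sv[1]);
    if (!close_peer) close(sv[0]);
    close(sv[1]);
    return r;
}

int main() {
    bool ok = demo("Hello from svr!") == RecvStatus::Match          // no NUL sent
           && demo(std::string(1024, 'A')) == RecvStatus::Mismatch  // fills buf
           && demo("", true) == RecvStatus::Closed;                 // recv() == 0
    return ok ? 0 : 1;
}
```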