套接字連接上的緩沖區溢出
[英]Buffer overflow on socket connection
問題描述
我在朋友的計算機上的套接字服務器上工作,並且一切正常,但是隨后我在計算機上執行了代碼,並且這樣引發了緩沖區溢出
*** buffer overflow detected ***: /home/erick/CLionProjects/AirWar++/cmake-build-debug/AirWar__ terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7f906c5047e5]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7f906c5a556c]
/lib/x86_64-linux-gnu/libc.so.6(+0x116570)[0x7f906c5a3570]
/lib/x86_64-linux-gnu/libc.so.6(+0x1169da)[0x7f906c5a39da]
我們正在使用Rapidjson庫發送數據,我不知道為什么如果完全相同的代碼在他的計算機上可以完美運行,為什么會發生這種情況,唯一的區別是我在VM上運行Ubuntu,而他在將Ubuntu作為主要操作系統。 非常感謝您的幫助,如果出現以下情況,代碼將失敗:
如果((valread = read(sd,buffer,1024))== 0)
int opt = TRUE;
int master_socket , addrlen , new_socket , client_socket[3] ,
max_clients = 3 , activity, i , valread , sd;
int max_sd;
struct sockaddr_in address;
void server::init() {
using namespace rapidjson;
char buffer[400];
//set of socket descriptors
fd_set readfds;
//initialise all client_socket[] to 0 so not checked
for (i = 0; i < max_clients; i++)
{
client_socket[i] = 0;
}
//create a master socket
if( (master_socket = socket(AF_INET , SOCK_STREAM , 0)) == 0)
{
perror("socket failed");
exit(EXIT_FAILURE);
}
//set master socket to allow multiple connections ,
//this is just a good habit, it will work without this
if( setsockopt(master_socket, SOL_SOCKET, SO_REUSEADDR, (char *)&opt,
sizeof(opt)) < 0 )
{
perror("setsockopt");
exit(EXIT_FAILURE);
}
//type of socket created
address.sin_family = AF_INET;
address.sin_addr.s_addr = inet_addr("192.168.100.19");//Write your IP
address.sin_port = htons( PORT );
//bind the socket to localhost port 8080
if (bind(master_socket, (struct sockaddr *)&address, sizeof(address))<0)
{
perror("bind failed");
exit(EXIT_FAILURE);
}
printf("Escuchando en el puerto %d \n", PORT);
//try to specify maximum of 3 pending connections for the master socket
if (listen(master_socket, 3) < 0)
{
perror("listen");
exit(EXIT_FAILURE);
}
//accept the incoming connection
addrlen = sizeof(address);
puts("Esperando conexiones ...");
while(TRUE)
{
//clear the socket set
FD_ZERO(&readfds);
//add master socket to set
FD_SET(master_socket, &readfds);
max_sd = master_socket;
//add child sockets to set
for ( i = 0 ; i < max_clients ; i++)
{
//socket descriptor
sd = client_socket[i];
//if valid socket descriptor then add to read list
if(sd > 0)
FD_SET( sd , &readfds);
//highest file descriptor number, need it for the select function
if(sd > max_sd)
max_sd = sd;
}
//wait for an activity on one of the sockets , timeout is NULL ,
//so wait indefinitely
activity = select( max_sd + 1 , &readfds , NULL , NULL , NULL);
if ((activity < 0) && (errno!=EINTR))
{
printf("select error");
}
//If something happened on the master socket ,
//then its an incoming connection
if (FD_ISSET(master_socket, &readfds))
{
if ((new_socket = accept(master_socket,
(struct sockaddr *)&address, (socklen_t*)&addrlen))<0)
{
perror("accept");
exit(EXIT_FAILURE);
}
//inform user of socket number
printf("Nueva conexion , socket fd %d , ip : %s , puerto : %d\n" , new_socket , inet_ntoa(address.sin_addr) , ntohs
(address.sin_port));
//send new connection message
//if( send(new_socket, "Conectado", strlen("Conectado"), 0) != strlen("Conectado") )
//{
// perror("send");
//}
//puts("Mensaje enviado con exito");//succesfully send
//add new socket to array of sockets
for (i = 0; i < max_clients; i++)
{
//if position is empty
if( client_socket[i] == 0 )
{
client_socket[i] = new_socket;
printf("Añadido a la lista de sockets como %d\n" , i);
break;
}
}
}
//else its some IO operation on some other socket
for (i = 0; i < max_clients; i++)
{
sd = client_socket[i];
if (FD_ISSET( sd , &readfds))
{
//Check if it was for closing , and read the message
if ((valread = read( sd , buffer, 1024)) == 0)
{
//Somebody disconnected , get his details and print
getpeername(sd , (struct sockaddr*)&address , \
(socklen_t*)&addrlen);
printf("Cliente desconectado , ip %s , port %d \n" ,
inet_ntoa(address.sin_addr) , ntohs(address.sin_port));
//Close the socket and mark as 0 in list for reuse
run=FALSE;
close( sd );
client_socket[i] = 0;
}
//Echo back the message that came in
else
{
//se eliminan dos caracteres nulos del buffer;
std::string m=buffer;
std::string s(m.substr(0,valread));
const char * json= s.c_str();
std::cout<<json;
Document d;
d.Parse(json);
Value& type=d["type"];
if(strcmp(type.GetString(),"shoot")==0){
stat= 5;//Dispara
}else if(strcmp(type.GetString(),"izq")==0){
//Mov. izquierda
stat= 4;
}else if(strcmp(type.GetString(),"der")==0){
//Mov. derecha
stat=6;
}else if(strcmp(type.GetString(),"arr")==0){
//Mov. arriba
stat=8;
}else if(strcmp(type.GetString(),"aba")==0){
//Mov. abajo
stat= 2;
}else{
stat=0;//Quieta
}
}
}
}
}
}
long server:: Send(const char * msg){
send(client_socket[0],msg,strlen(msg),0);
}
順便說一句,我們倆都使用CLion。 將等待您的幫助,謝謝!
2 個解決方案
解決方案1
3 已采納 2017-04-22 06:04:23
char buffer[400];
// ^^^
...
if ((valread = read( sd , buffer, 1024)) == 0)
// ^^^^
我討厭聽起來像個混蛋,但是錯誤消息是否提示您檢查正在讀取數據的緩沖區的大小?
還要注意,使用TCP讀取時,您可能無法在read()調用中獲得整個消息,因此buffer可能不會以null終止,這可能會在這里引起問題:
std::string m=buffer;
這行使我認為空終止符甚至可能不是消息的一部分(我們必須確保看到客戶端代碼):
send(client_socket[0],msg,strlen(msg),0);
解決方案2
0 2017-04-22 06:47:08
緩沖區溢出正好是它。
if ((valread = read( sd , buffer, 1024)) == 0)
在這里,您向操作系統說謊的時候,關於buffer的大小是400,而不是1024。這行代碼應該是
if ((valread = read( sd , buffer, sizeof buffer)) == 0)
並且還需要檢查它是否為-1。
UDP套接字緩沖區溢出檢測
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.