07-26-2023, 09:58 PM
I'm introducing myself to socket programming in C/C++, and am using `send()` and `recv()` to exchange data between a client and server program over `TCP` sockets.
Here are some relevant excerpts from my code:
**server.c**:
```c
char recv_data[1024];
// Socket setup and so on omitted...
bytes_recieved = recv(connected, recv_data, 1024, 0);
recv_data[bytes_recieved] = '\0';
```
**client.c:**
```c
char send_data[1024];
// Setup omitted...
send(connected, send_data, strlen(send_data), 0);
```
Does `recv()` itself provide any protection against buffer overflows? For instance if I changed the 3rd argument to `recv()` to something higher than the buffer pointed to by `recv_data` (e.g. 4000) - would this cause a buffer overflow? (I've actually tried doing this, but can't seem to trigger a segfault).
I'm actually trying to create an intentionally vulnerable server program to better understand these issues, which is why I've tried to overflow via `recv()`.
**Amendment**:
Not unrelated, would be finding out why `client.c` above would ever send more than the `1024` bytes specified by `strlen(send_data)`. I'm using `gets(send_data)` to populate that buffer from standard input, but if I enter many more than 1024 bytes via standard in, the `server.c` program shows that it receives ALL THE BYTES! :). Does the `strlen(send_data)` for `send()` not restrict the number of bytes sent?
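Added example, not part of the original post: `recv()` writes up to the length it is given and has no knowledge of the real buffer size, and `strlen()` after `gets()` counts whatever was written, including bytes past the end of the array. The helpers `recv_text`, `read_line` and `demo` are hypothetical names, and a `socketpair()` stands in for the TCP connection so the code runs offline.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: receive at most cap-1 bytes, then NUL-terminate.
 * recv() only knows the length it is given, so the bound comes from cap. */
ssize_t recv_text(int fd, char *buf, size_t cap)
{
    if (cap == 0)
        return -1;
    ssize_t n = recv(fd, buf, cap - 1, 0);
    buf[n > 0 ? n : 0] = '\0';   /* index is always <= cap-1 */
    return n;
}

/* Hypothetical replacement for gets(): fgets() stops after cap-1 chars,
 * so strlen(buf) can never exceed the array the way it can after gets(). */
ssize_t read_line(FILE *in, char *buf, size_t cap)
{
    if (fgets(buf, (int)cap, in) == NULL)
        return -1;
    buf[strcspn(buf, "\n")] = '\0';
    return (ssize_t)strlen(buf);
}

/* Constructed demo: a peer sends 3000 bytes; the receiver drains them
 * through a 1024-byte buffer in bounded chunks. Returns 0 on success. */
int demo(size_t *largest, size_t *total)
{
    int sv[2];
    char big[3000], buf[1024];
    ssize_t n;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    memset(big, 'A', sizeof big);
    if (send(sv[0], big, sizeof big, 0) != (ssize_t)sizeof big)
        return -1;
    close(sv[0]);                 /* EOF after the queued data */
    *largest = *total = 0;
    while ((n = recv_text(sv[1], buf, sizeof buf)) > 0) {
        if ((size_t)n > *largest)
            *largest = (size_t)n;
        *total += (size_t)n;
    }
    close(sv[1]);
    return n == 0 ? 0 : -1;
}
```

TCP is a byte stream, so a long message arrives across several bounded `recv()` calls; no single call ever writes more than the length passed to it.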