Can `recv()` cause a buffer overflow?

I am programming sockets in C/C++ and using send() and recv() to exchange data between the client and server programs over TCP sockets.

Here are some excerpts from my code:

server.c

char recv_data[1024];

// Socket setup and so on omitted...

bytes_recieved = recv(connected, recv_data, 1024, 0);
recv_data[bytes_recieved] = '\0';

client.c:

char send_data[1024];

// Setup omitted...

send(connected, send_data, strlen(send_data), 0);

Does recv() have any protection against buffer overflows? For example, if I change the 3rd argument to recv() to something larger than the buffer it points to, recv_data (for example, 4000), will this lead to a buffer overflow? (I actually tried to do this, but I can't seem to cause a segfault.)

I am trying to create an intentionally vulnerable server program to better understand these problems, so I tried to overflow through recv().

Edit

, , client.c - 1024, strlen(send_data). gets(send_data) , 1024 , server.c , !:). strlen(send_data) send() ?

+5
3

"if I change the 3rd argument to recv() to something larger than the buffer it points to, recv_data (for example, 4000), will this lead to a buffer overflow?"

Yes. Asking for 4000 bytes into a 1024-byte buffer is a buffer overflow. Like the rest of the C API, recv does no bounds checking: it trusts the size you pass, and if the buffer is smaller than that, the behavior is undefined.

C does not protect you from this; it is up to you to use the API correctly.

char recv_data[1024];

// Socket setup and so on omitted...

bytes_recieved = recv(connected, recv_data, 1024, 0);
recv_data[bytes_recieved] = '\0';

This code is undefined in two cases:
(a) if recv returns -1, you write to recv_data[-1], before the start of the buffer;
(b) if recv returns 1024, you write to recv_data[1024], but the valid indices are 0 to 1023.

+9

recv_data[bytes_recieved] = '\0';

This is an overflow when recv() returns 1024.

Instead of

bytes_recieved = recv(connected, recv_data, 1024, 0);

use

bytes_recieved = recv(connected, recv_data, 1024 - 1, 0);

Then bytes_recieved is at most 1023 and the terminator stays inside recv_data.

Also check the return values of recv()/send(). -1 means an error.


On the edit:

strlen() scans the buffer until it finds a NUL/0 character and returns the number of bytes before that 0.

If there is no such 0 terminator in the buffer, strlen() keeps reading past the end, which is undefined.

So, for your edit: if send_data is not 0-terminated, strlen() is undefined behaviour, and if strlen() returns more than 1024, send() reads past the end of send_data.

+5
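The two answers above make the same point: recv() writes up to the length you pass and never checks the buffer behind the pointer, so the terminator write `recv_data[bytes_recieved] = '\0'` is only safe when you ask for at most sizeof(buffer) - 1 bytes and check for -1 and 0 first. The following is an added example (not code from the question or the answers) that shows the bounded pattern end to end on a real stream socket. It uses a socketpair() of AF_UNIX SOCK_STREAM sockets instead of a TCP connection so that it runs offline; the 4000-byte payload is constructed test data, and the function names `recv_chunk`, `drain` and `demo_recv` are my own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define BUF_SIZE 1024

/* Receive one chunk into a BUF_SIZE buffer, leaving room for the terminator:
 * ask for at most BUF_SIZE - 1 bytes, so buf[n] = '\0' is always in bounds.
 * Returns recv()'s result; on -1 (error) or 0 (peer closed) the buffer is
 * left empty and never indexed with the return value. */
static ssize_t recv_chunk(int fd, char buf[BUF_SIZE])
{
    ssize_t n = recv(fd, buf, BUF_SIZE - 1, 0);
    if (n <= 0) {
        buf[0] = '\0';
        return n;
    }
    buf[n] = '\0';              /* n <= BUF_SIZE - 1, so this stays inside buf */
    return n;
}

/* Drain a stream socket with recv_chunk() until the peer closes.
 * Returns the total number of bytes received and stores the size of the
 * largest single chunk in *max_chunk (never more than BUF_SIZE - 1). */
static size_t drain(int fd, size_t *max_chunk)
{
    char buf[BUF_SIZE];
    size_t total = 0;
    *max_chunk = 0;
    for (;;) {
        ssize_t n = recv_chunk(fd, buf);
        if (n < 0) { perror("recv"); break; }
        if (n == 0) break;      /* orderly shutdown from the sender */
        total += (size_t)n;
        if ((size_t)n > *max_chunk) *max_chunk = (size_t)n;
    }
    return total;
}

/* Send payload_len bytes through one end of a socketpair (a local stream,
 * behaving like TCP for this purpose) and drain the other end with the
 * bounded receiver. Returns the total bytes received, 0 on setup failure. */
size_t demo_recv(size_t payload_len, size_t *max_chunk)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) {
        perror("socketpair");
        return 0;
    }
    char *payload = malloc(payload_len);    /* constructed data, no terminator */
    memset(payload, 'A', payload_len);
    size_t sent = 0;
    while (sent < payload_len) {            /* send() may also be short */
        ssize_t w = send(sv[0], payload + sent, payload_len - sent, 0);
        if (w < 0) { perror("send"); break; }
        sent += (size_t)w;
    }
    shutdown(sv[0], SHUT_WR);               /* makes recv() return 0 at the end */
    size_t got = drain(sv[1], max_chunk);
    free(payload);
    close(sv[0]);
    close(sv[1]);
    return got;
}

int main(void)
{
    size_t max_chunk = 0;
    size_t got = demo_recv(4000, &max_chunk);
    printf("received %zu bytes, largest chunk %zu (buffer is %d)\n",
           got, max_chunk, BUF_SIZE);
    return 0;
}
```

With a 4000-byte payload the receiver sees chunks of 1023, 1023, 1023 and 931 bytes: the data arrives in full, just over several recv() calls, and every terminator write lands inside the 1024-byte buffer. Passing 4000 as the length instead would let recv() fill up to 4000 bytes behind a 1024-byte array, and whether that segfaults depends only on what happens to live after the array on the stack.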

Even if you send more bytes than the buffer you pass to recv(), you can still receive them in subsequent recv() calls, so bytes_received will not be 5000 just because you sent 5000 bytes: say you send 5000 bytes and your buffer holds 1000 bytes, then recv() will only receive 1000 bytes on the first call, 1000 bytes on the next call, and so on until it has received all your data. So I think there is no buffer overflow here. This, by the way, is how TCP works.

0