DWShuo / Secure-Coding

Simple client/servers with secure coding practices in mind

daytime client segfaults if no port number is given #4

Open ibara opened 5 years ago

ibara commented 5 years ago
/home/brian/Secure-Coding $ ./daytime            
Segmentation fault (core dumped) 
/home/brian/Secure-Coding $ egdb ./daytime daytime.core                                                               
GNU gdb (GDB) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-unknown-openbsd6.4".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./daytime...done.
[New process 399155]
Core was generated by `daytime'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  _libc_strtol (nptr=0x0, endptr=0x7f7ffffef3c8, base=0) at /usr/src/lib/libc/stdlib/strtol.c:68
68                      c = (unsigned char) *s++;
(gdb) bt full
#0  _libc_strtol (nptr=0x0, endptr=0x7f7ffffef3c8, base=0) at /usr/src/lib/libc/stdlib/strtol.c:68
        s = 0x0
        c = <optimized out>
        neg = <optimized out>
        cutoff = <optimized out>
        cutlim = <optimized out>
        acc = <optimized out>
        any = <optimized out>
#1  0x00000e6fb8aec4e3 in sec_atoi (str=0x0) at daytime_client.c:16
        temp = 0x665 <error: Cannot access memory at address 0x665>
        val = 766960
        result = 720930
        val2 = 28
#2  0x00000e6fb8aec37a in main (argc=1, argv=0x7f7ffffef888) at daytime_client.c:36
        sockfd = 32639
        n = 0
        recvline = "0\367\376\377\177\177\000\000\070\367\376\377\177\177\000\000\340껨r\016\000\000\000\204\004-r\016\000\000\260⻨r\016\000\000\000\300\344\316q\016\000\000\300\310J[r\016\000\000E\022\\\t\000\000\000\000\274Pv\236 ", '\0
00' <repeats 11 times>, "\340껨r\016\000\000\270\364\376\377\177\177", '\000' <repeats 11 times>, "\260\256\270o\016\000\000\000@\000\000\000\000\000\000\240N\275\250r\016\000\000\000lHFr\016\000\000\212p^\037\222\vg\274P\367\376\377\177\1
77\000\000~\233\274\250r\016\000\000\200\071\006\000\000\000\000\000\220\000\000\000\000\000\000\000\276軨r\016\000\000@\235\006\000\000\000\000\000\n\000\000\000\000\000\000\000\254\026\000\000\"\000\v\000"...
        servaddr = {sin_len = 160 '\240', sin_family = 244 '\364', sin_port = 65534, sin_addr = {s_addr = 32639}, sin_zero = "Hc\274\250r\016\000"}
        port = -2092668196
(gdb) q

ibara commented 5 years ago

You can fix this by adding a check for argc in main():

if (argc != 2) {
        fprintf(stderr, "usage: daytime port\n");
        exit(1);
}

any time before the sec_atoi() call (but preferably right at the start).
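
Added example, not part of the original issue or the project's code: the backtrace shows `strtol()` dereferencing `nptr=0x0` because `argv[1]` is NULL when `argc` is 1. The sketch below combines the suggested `argc` check with a port parser that also rejects NULL, empty, non-numeric, trailing-garbage and out-of-range input. `parse_port()` is a hypothetical helper name, and the 1..65535 range and error messages are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * parse_port() is a hypothetical helper, not the project's sec_atoi().
 * Returns 0 and stores the port in *out on success, -1 on invalid input.
 */
int
parse_port(const char *str, int *out)
{
	char *end;
	long val;

	/* argv[1] is NULL when argc == 1; passing it to strtol() is the crash. */
	if (str == NULL || out == NULL || *str == '\0')
		return -1;

	errno = 0;
	val = strtol(str, &end, 10);
	if (end == str || *end != '\0')	/* no digits, or trailing junk */
		return -1;
	if (errno == ERANGE || val < 1 || val > 65535)
		return -1;

	*out = (int)val;
	return 0;
}

int
main(int argc, char *argv[])
{
	int port;

	/* Check argc before touching argv[1], as suggested in the issue. */
	if (argc != 2) {
		fprintf(stderr, "usage: daytime port\n");
		return 1;
	}
	if (parse_port(argv[1], &port) == -1) {
		fprintf(stderr, "daytime: invalid port: %s\n", argv[1]);
		return 1;
	}
	printf("port %d\n", port);
	return 0;
}
```

Checking for NULL inside the parser as well as checking `argc` in `main()` means any other caller that passes an unchecked pointer gets an error return instead of a core dump.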