Networking and the BSD Sockets API
Subject:   security error in client code
Date:   2003-01-13 11:42:51
From:   anonymous2
In the client code, you wrote:

printf( buffer );

This is vulnerable to the common "format-string security error", which is the second most common security error in C network software. The corrected line should read:

printf( "%s", buffer );

In addition, you invite a future security error by using hardcoded constants here:

char buffer[201];
while (n = read(sockfd, buffer, 200)) {

instead of:

#define BUFSIZE 200
char buffer[BUFSIZE + 1];
while (n = read(sockfd, buffer, BUFSIZE)) {

Please take care not to promulgate insecure C programming practices in the future.

  1. Give the author a break...
    2003-01-20 11:28:41  stevesheets

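The two fixes the comment asks for, as an added example that is not part of the original article or of the comment above: the data goes to printf as an argument rather than as the format string, and a single BUFSIZE constant sizes both the array and the read() call. The read loop is also written so that a -1 return does not satisfy the while condition and the buffer is always NUL-terminated before it is printed. It uses a pipe as a stand-in for the socket (read() behaves the same on both), the attacker payload is constructed here, and the function names (read_until_eof, count_directives, print_untrusted, demo) are this example's own.

```c
/* Added example, not from the original article or the comment above.
 * A pipe stands in for the socket; the payload is constructed input. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define BUFSIZE 200   /* one named constant sizes both the array and each read() */

/* Read from fd until EOF or until the buffer is full. Returns bytes stored
 * (>= 0) or -1 on a read error. The buffer is NUL-terminated on every return,
 * which the bare `while (n = read(...))` loop never guarantees, and a -1 from
 * read() is handled instead of being treated as "true" by the loop condition. */
ssize_t read_until_eof(int fd, char *buf, size_t cap)
{
    size_t total = 0;
    if (cap == 0)
        return -1;
    while (total < cap - 1) {
        ssize_t n = read(fd, buf + total, cap - 1 - total);
        if (n == 0)                  /* peer closed: done */
            break;
        if (n < 0) {
            if (errno == EINTR)      /* interrupted by a signal: retry */
                continue;
            buf[total] = '\0';
            return -1;
        }
        total += (size_t)n;
    }
    buf[total] = '\0';
    return (ssize_t)total;
}

/* Count '%' conversion directives in untrusted text. Each one would be
 * interpreted by printf(buffer); "%n" would write to memory. "%%" is a
 * literal percent sign and is not counted. */
size_t count_directives(const char *s)
{
    size_t count = 0;
    for (; *s; s++) {
        if (*s == '%') {
            if (s[1] == '%') { s++; continue; }
            count++;
        }
    }
    return count;
}

/* Print untrusted data: the data is an argument, never the format string. */
void print_untrusted(const char *buf)
{
    printf("%s", buf);
}

/* Push a constructed attacker payload through the pipe, read it back with the
 * hardened loop, and report the byte count and the number of directives that
 * were rendered harmless. Returns 0 on success, -1 on any failure. */
int demo(size_t *len_out, size_t *directives_out)
{
    static const char payload[] = "GET / HTTP/1.0\n%x %x %x %n\n";  /* constructed */
    int fds[2];
    char buffer[BUFSIZE + 1];

    if (pipe(fds) != 0)
        return -1;
    if (write(fds[1], payload, sizeof payload - 1) != (ssize_t)(sizeof payload - 1))
        return -1;
    close(fds[1]);   /* EOF for the reader */

    ssize_t n = read_until_eof(fds[0], buffer, sizeof buffer);
    close(fds[0]);
    if (n < 0)
        return -1;

    *len_out = (size_t)n;
    *directives_out = count_directives(buffer);
    print_untrusted(buffer);   /* "%x %x %x %n" appears literally in the output */
    return 0;
}

int main(void)
{
    size_t len, directives;
    if (demo(&len, &directives) != 0)
        return 1;
    printf("received %zu bytes, %zu format directives rendered harmless\n",
           len, directives);
    return 0;
}
```

Compile with `-Wformat -Wformat-security`; GCC and Clang then warn on a non-literal format string with no arguments, which catches the original `printf( buffer );` at build time.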