15-441 Computer Networking
Exam Feedback
Mar. 8, 2006

Topics
• reading list
• finger client


Synchronization

Textbook
• Looking Backward / Forward
• Section 3.3 (ATM)
• Section 4.4 (Multicast), 4.5 (MPLS)
• Section 9.1 (DNS)
• The TCP Adventure
• Section 2.5 (Reliable Transfer)
• Chapter 5: Transport (ok if you read 5.3 lightly)
• Chapter 6: Congestion Control


Outline

The finger question
Myths


finger

Problem
• Here is a finger client
• Connect to TCP port 79
• send username
• print out server's response
• Say what's wrong
• This was a “target-rich environment”


finger.c

    int main(int argc, char *argv[])
    {
        int s, len;
        struct sockaddr_in server;
        struct hostent *hp;
        char c, buf[8192];

        if (argc != 3) {
            fprintf(stderr, "usage: %s host user\n", argv[0]);
            exit(9);
        }

        server.sin_family = AF_INET;
        server.sin_port = 79;
        server.sin_addr.s_addr = gethostbyname(argv[1]);

        s = socket(AF_INET, SOCK_DGRAM, 0);
        bind(s, (struct sockaddr *) &server, sizeof (server));

        write(s, argv[2], strlen(argv[2]));
        write(s, "\r\n", 2);

        if ((len = read(s, buf, sizeof (buf))) > 0)
            write(1, buf, len);

        exit(0);
    }


finger.c

        server.sin_family = AF_INET;
        server.sin_port = 79;
        server.sin_addr.s_addr = gethostbyname(argv[1]);

        s = socket(AF_INET, SOCK_DGRAM, 0);
        bind(s, (struct sockaddr *) &server, sizeof (server));

        write(s, argv[2], strlen(argv[2]));
        write(s, "\r\n", 2);

        if ((len = read(s, buf, sizeof (buf))) > 0)
            write(1, buf, len);

Pretty much all of this is wrong


finger.c

Bad
    server.sin_port = 79;
Good
    server.sin_port = htons(79);

Bad
    server.sin_addr.s_addr = gethostbyname(argv[1]);
Good
    hp = gethostbyname(argv[1]);
    memmove(&server.sin_addr, hp->h_addr, hp->h_length);


finger.c

Bad
    s = socket(AF_INET, SOCK_DGRAM, 0);
Good
    s = socket(AF_INET, SOCK_STREAM, 0);

Bad
    bind(s, (struct sockaddr *) &server, sizeof (server));
Good
    connect(s, (struct sockaddr *) &server, sizeof (server));


finger.c

Bad
    if ((len = read(s, buf, sizeof (buf))) > 0)
        write(1, buf, len);
Good
    while ((len = read(s, buf, sizeof (buf))) > 0)
        write(1, buf, len);


Myths

Must close sockets before exit()
• If that were true we'd all be in big trouble!
• exit()'s job is to clean up process resources

sizeof(buf) == 4
• That's like a real problem...
• sizeof (pretty much any pointer) == 4 (on many machines)
• sizeof (array) is, well, the size of the array, in bytes
  » “Doesn't work” for array parameters to a function
  » They're actually pointers (call by reference), not arrays

write(stdout, ...)
• That's mixing metaphors – file descriptors aren't stdio streams
• You could write write(fileno(stdout), ...)
• But if fileno(stdout) != 1 something very very odd is going on


Myths

Cannot use write() and read() on UDP sockets
• Sure you can!

read() doesn't block to wait for server response
• Yes, it does!

strings must be converted to network byte order
• The network byte order for strings is:
• Send the first byte, then the second, then the third...
• “Byte order” is a problem when you have N-byte chunks
• Integer is a 4-byte chunk
• You could have a string byte-order problem with Unicode
• Out of scope


Myths

Buffer overflows!

    write(s, argv[2], strlen(argv[2]));

• We aren't putting anything into a buffer!
• Certainly not one of fixed size, without a length check
• The kernel might be putting these bytes in a buffer
• If the kernel does that unsafely we have problems beyond finger
• The finger server might carelessly handle this request
• But we can't save it from other people triggering that

    read(s, buf, sizeof (buf))

• Ok, this is a buffer
• But we are very carefully not overflowing it!
• If the kernel puts more than sizeof (buf) bytes into buf then we have problems bigger than finger

Not all buffer uses are buffer overflows!
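

Added example (not part of the original slides): the last Bad/Good pair, run side by side to show why one read() is not enough on a stream socket and why read(s, buf, sizeof (buf)) stays inside the buffer either way. The names read_once, read_all and demo, the 20000-byte reply, and the local socketpair standing in for the TCP connection to port 79 are all constructed for this illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* The "Bad" version: one read(), so at most sizeof (buf) bytes of the reply. */
ssize_t read_once(int s, int out) {
    char buf[8192];
    ssize_t len = read(s, buf, sizeof (buf));
    if (len > 0 && write(out, buf, len) < 0) return -1;
    return len;
}

/* The "Good" version: read until EOF (0) or error (-1); also retries short writes. */
ssize_t read_all(int s, int out) {
    char buf[8192];
    ssize_t len, total = 0;
    while ((len = read(s, buf, sizeof (buf))) > 0) {
        for (ssize_t off = 0, w; off < len; off += w)
            if ((w = write(out, buf + off, len - off)) < 0) return -1;
        total += len;
    }
    return len < 0 ? -1 : total;
}

/* Constructed demo: a child process sends a 20000-byte reply over a stream socket. */
ssize_t demo(int use_loop) {
    int sv[2], out = open("/dev/null", O_WRONLY);
    if (out < 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child plays the finger server */
        static char reply[20000];
        close(sv[1]);
        _exit(write(sv[0], reply, sizeof reply) < 0);
    }
    close(sv[0]);
    ssize_t n = use_loop ? read_all(sv[1], out) : read_once(sv[1], out);
    close(sv[1]); close(out);
    waitpid(pid, NULL, 0);
    return n;
}

int main(void) {
    printf("one read(): %zd bytes, loop: %zd bytes\n", demo(0), demo(1));
    return 0;
}
```

In both versions the kernel is told the true size of buf, so a reply larger than 8192 bytes is truncated by the "Bad" code but never overflows it.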