Thread: read undefined data from socket

  1. #1
    Registered User
    Join Date
    Feb 2010
    Posts
    11

    read undefined data from socket

    hi,
    i'm writing a program in C that read from a tcp socket some data.
    I know basics functions to work with socket, (bind, read, write) but today i have a question for you.
    With read() function i must have a buffer where to save data, but what happen if this buffer is too small? i must put read() in a while loop and realloc my buffer at every cycle?
    this sounds like a security risk, a malicious client can send me huge amount of data...

    thanks a lot

  2. #2
    Banned
    Join Date
    Aug 2010
    Location
    Ontario Canada
    Posts
    9,547
    In that case the socket function recv() will return an error telling you the received data block was too big for the buffer and you can take whatever action is appropriate to your application.... you can clear the buffer and read out of band data, you can break the connection... etc. This is one of the many reasons why you must always monitor the return value of I/O functions.

    Then there's the little matter that you would be downright foolish to have an open socket that just absorbs whatever comes it's way... which is why the gods of TCP/IP gave us protocals to follow...

  3. #3
    Bit Fiddler
    Join Date
    Sep 2009
    Posts
    79
    Make it safe then.

  4. #4
    Ultraviolence Connoisseur
    Join Date
    Mar 2004
    Posts
    555
    recv normally just returns how many bytes it read. You are giving it the size of the buffer it is reading to so it will read at MOST that many bytes.

    Normally there is a standard of some kind, ie a protocol which defines these buffer limits.

    Think about this, you create a simple IM client and server applications. A client
    send a text message to the server which is then distributed to all the other clients connected to it. You would probably create some sort of standard like "500 characters maximum for an IM message", in that case you would probably want to use a buffer that size (or larger depending on any additional overhead routing information you may or may not be wrapping the message with) to receive said messages.

    However, recv() makes no guarantee that if you give it a 500 character buffer
    it actually READ 500 characters. That is why it returns the amount of characters it read (including the actual amount you requested if it did in fact read that many) so you know if you need to call recv() again to retrieve the rest of the message (and then manually cat that onto the existing partial data you have)

    So to summarize:
    recv() may or may not read as much data as you request (in the size paramter)
    recv() simply returns how much data it did in fact read or -1 on error
    recv() does not tell you if there is still data left in the buffer, thats what poll()/select() style calls are for

    NOTE: Its important to note recv() is only standardized on POSIX/etc.. style systems, ie
    its not part of ANSI C

  5. #5
    Registered User
    Join Date
    Feb 2010
    Posts
    11
    thanks everyone.
    i add this roule in my protocol, message lenght cannot be > 512 char...
    if a client send me >512 byte i discard this message.

    rules are rules!

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Replies: 21
    Last Post: 11-03-2007, 02:56 PM
  2. Read size of data array when reading .txt data
    By Taquito in forum C Programming
    Replies: 13
    Last Post: 04-29-2007, 01:52 AM
  3. Cannot read incoming data from socket
    By fnoyan in forum C++ Programming
    Replies: 6
    Last Post: 03-06-2006, 02:42 AM
  4. read/write through udp socket
    By xErath in forum Networking/Device Communication
    Replies: 3
    Last Post: 05-22-2005, 05:43 PM
  5. Socket programming: call to undefined function 'MAKEWORD'
    By Stray_Bullet in forum C Programming
    Replies: 2
    Last Post: 03-06-2002, 10:49 AM