Thread: recv() and recvfrom()

  1. #16 anonytmouse (Join Date: Dec 2002, Posts: 2,544)
    OK, it's possible that you have found a serious, easily reproducible bug in Windows 98 that no one has noticed for the last six or so years. However, before we can send off a report to bugtraq and notify CERT you're going to have to post a compilable reproduction of the problem.

    Seriously, this thread is 16 posts long and we still haven't got enough information to actually look at the problem. If you're not prepared to post the code I suggest this thread be closed as trying to guess at the problem is simply wasting everyone's time.

  2. #17 Devil Panther (Join Date: Aug 2001, Posts: 768)
    I did post some code, but if you really believe that the full code will help, there you go:

    Code:
    #include <winsock2.h>   /* Win32 sockets: socket(), sendto(), recvfrom(), closesocket() */
    #include <string.h>

    #define DNS_LNT 500
    #define DNSPORT 53      /* DNS listens on UDP port 53 */

    /* Builds the DNS query into msg and returns its length.
       Defined elsewhere in the poster's program; prototype inferred from the call below. */
    int DnsSetMsg(char *msg, char *host_name, char dns_id, char dns_type);

    int DnsLookup(char *dns_server, char *host_name, char dns_id, char dns_type, char *msg)
    {
        int sockfd, numbytes, addr_lnt, tot_lnt;
        struct sockaddr_in ina;

        /* this only sets a DNS message and returns the length */
        tot_lnt = DnsSetMsg(msg, host_name, dns_id, dns_type);
        if ((sockfd = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
            return 0;

        ina.sin_family = AF_INET;
        ina.sin_port = htons(DNSPORT);   /* port 53 */
        ina.sin_addr.s_addr = inet_addr(dns_server);
        memset(ina.sin_zero, '\0', 8);

        /* send the query from msg */
        if ((numbytes = sendto(sockfd, msg, tot_lnt, 0, (struct sockaddr *)&ina, sizeof(struct sockaddr))) == -1)
            return 0;

        /* reuse msg for the reply; one byte is held back so the buffer stays NUL-terminated */
        memset(msg, '\0', DNS_LNT);
        addr_lnt = sizeof(struct sockaddr);
        if ((numbytes = recvfrom(sockfd, msg, DNS_LNT - 1, 0, (struct sockaddr *)&ina, &addr_lnt)) == -1)
            return 0;

        closesocket(sockfd);
        /* low byte of the 16-bit header id must echo the id we sent */
        if (msg[1] != dns_id)
            return 0;
        return 1;
    }
    "I don't suffer from insanity but enjoy every minute of it" - Edgar Allen Poe

    http://www.Bloodware.net - Developing free software for the community.

  3. #18 anonytmouse (Join Date: Dec 2002, Posts: 2,544)
    Still not enough sorry. We don't know how msg is declared. We don't have the code in DnsSetMsg that also uses the msg buffer. We don't know the value of tot_lnt that is passed to sendto that also uses the msg buffer. We don't have the code after the return from DnsLookup. Remember the effect of clobbering memory may be delayed.

    It is easy to overrun while converting a domain name to the 3www9alltheweb3com0 format and it is positively hard to avoid all buffer overrun scenarios when unpacking the reply and decompressing the domain names.

    Post the rest of the code and we'll have a look.
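
    Both steps anonytmouse names (packing a hostname into the length-prefixed label format, and unpacking a possibly compressed name out of a reply) are where DNS client code usually overruns its buffers. The following is an added example of doing both with every read and write bounds-checked; it is not code from this thread or from Devil Panther's program, and the reply bytes at the bottom are constructed for the example rather than captured from a real server.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Pack "www.alltheweb.com" into the wire form 3www9alltheweb3com0.
 * Returns bytes written, or -1 when a label is empty or longer than 63 bytes,
 * the whole name would exceed 255 bytes, or out (capacity outcap) is too small. */
int dns_encode_name(const char *host, unsigned char *out, size_t outcap)
{
    size_t pos = 0;
    const char *p = host;

    for (;;) {
        const char *dot = strchr(p, '.');
        size_t len = dot ? (size_t)(dot - p) : strlen(p);
        if (len == 0 || len > 63)
            return -1;                      /* empty or oversized label */
        if (pos + 1 + len + 1 > outcap || pos + 1 + len + 1 > 255)
            return -1;                      /* length byte + label + final 0 must fit */
        out[pos++] = (unsigned char)len;
        memcpy(out + pos, p, len);
        pos += len;
        if (!dot || dot[1] == '\0')
            break;                          /* last label (a trailing dot is allowed) */
        p = dot + 1;
    }
    out[pos++] = 0;                         /* root label terminates the name */
    return (int)pos;
}

/* Unpack the name at offset off of a reply of msglen bytes into dotted text.
 * Every read is checked against msglen, a compression pointer may only point
 * backwards (so pointer loops cannot happen), and writes are checked against
 * namecap. Returns the offset of the field after the name, or -1 on any error. */
int dns_decode_name(const unsigned char *msg, size_t msglen, size_t off,
                    char *name, size_t namecap)
{
    size_t npos = 0, next = 0;
    int jumped = 0;

    if (namecap == 0)
        return -1;
    for (;;) {
        if (off >= msglen)
            return -1;                      /* length byte lies outside the reply */
        unsigned char len = msg[off];
        if ((len & 0xC0) == 0xC0) {         /* 11xxxxxx: compression pointer */
            if (off + 1 >= msglen)
                return -1;
            size_t ptr = ((size_t)(len & 0x3F) << 8) | msg[off + 1];
            if (!jumped) {                  /* the name's own bytes end after the pointer */
                next = off + 2;
                jumped = 1;
            }
            if (ptr >= off)
                return -1;                  /* forward or self pointer: reject */
            off = ptr;
            continue;
        }
        if (len & 0xC0)
            return -1;                      /* 01/10 label types are not supported */
        if (len == 0) {
            if (!jumped)
                next = off + 1;
            break;
        }
        if (off + 1 + len > msglen)
            return -1;                      /* label runs past the end of the reply */
        if (npos + (npos ? 1 : 0) + len + 1 > namecap)
            return -1;                      /* '.' + label + NUL must fit in name */
        if (npos)
            name[npos++] = '.';
        memcpy(name + npos, msg + off + 1, len);
        npos += len;
        off += 1 + len;
    }
    name[npos] = '\0';
    return (int)next;
}

/* Constructed sample (not a capture): 12-byte header, "www.alltheweb.com" in
 * wire form at offset 12, then "ftp" plus a pointer to "alltheweb.com" at 16. */
const unsigned char sample_reply[] = {
    0,0,0,0,0,0,0,0,0,0,0,0,
    3,'w','w','w', 9,'a','l','l','t','h','e','w','e','b', 3,'c','o','m', 0,
    3,'f','t','p', 0xC0, 0x10
};
const size_t sample_reply_len = sizeof sample_reply;

int main(void)
{
    unsigned char wire[256];
    char text[256];
    printf("encoded %d bytes\n", dns_encode_name("www.alltheweb.com", wire, sizeof wire));
    int n = dns_decode_name(sample_reply, sample_reply_len, 31, text, sizeof text);
    printf("decoded '%s', next field at offset %d\n", text, n);
    return 0;
}
```

    The decoder returns the offset of the first byte after the name as it appears in the record, not after the pointer target, which is what a caller needs to step to the type, class and RDATA fields; any truncated reply, label that overhangs the buffer, or pointer that does not point strictly backwards is rejected rather than followed.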

  4. #19 Devil Panther (Join Date: Aug 2001, Posts: 768)
    You're asking all the wrong questions, the only important thing that's missing is the declaration of msg:
    char msg[DNS_LNT]={0};

    All of the problems were in recvfrom(), nothing else matters, when (if) the program died, it died on recvfrom().

    note: at the end of DnsLookup() the msg contains the entire dns response, with all the answers, so it's pretty big.
