PureBasic Forums - English

http://www.purebasic.com
https://www.purebasic.fr/english/

ReceiveNetworkData() secure of buffer overflows?

https://www.purebasic.fr/english/viewtopic.php?t=17674

Page 1 of 1

ReceiveNetworkData() secure of buffer overflows?

Posted: Fri Nov 11, 2005 8:59 am
by Kukulkan
Hi,

Is ReceiveNetworkData() secure? Is the used buffer a PB-own buffer or is it only a wrapper for winsock-api-functions with the windows-own buffers?

I'm a little bit unsure if I get a buffer-overflow-problem if I use ReceiveNetworkData() of PB. Can someone give me some information about the security of the PB-network-functions?

Kukulkan

Posted: Fri Nov 11, 2005 9:51 am
by Dr. Dri
in case of overflow you may use the return value of the function

Dri

Posted: Fri Nov 11, 2005 9:58 am
by Kukulkan
Hi Dri,
in case of overflow you may use the return value of the function
You did not understand me. I know about the return value of ReceiveNetworkData(). I want to know if the function ReceiveNetworkData() itself is secure! This is a PB-thing behind my influence.

Kukulkan

Posted: Fri Nov 11, 2005 6:38 pm
by dell_jockey
you as the programmer provide ReceiveNetworkData() with a receive buffer, so what's keeping you from hardening it yourself? That way you know exactly what's going on, which I prefer over relying on a function not written by you.
Even if ReceiveNetworkData() itself is hardened against some data sequence from the outside thrashing it, I still would do my own buffer checks.

For more information, you might want to start reading this: http://msdn.microsoft.com/security/secu ... fault.aspx

Posted: Sat Nov 12, 2005 12:03 am
by Dr. Dri
you are right i don't understand your problem. you provide your buffer and its size to the function. if you provide valid values (a real buffer adress and its real size) you might not have any problem and in case of overflow the return value equals the size you gived to the function so you only have to reallocate a bigger buffer and call the function again...

i don't know what's unsecure if you don't send bad values to the function

Dri

Posted: Sat Nov 12, 2005 7:02 pm
by Tranquil
To be sure I use Recv_() Windows API which is nearly the same syntax as ReceiveNetworkData().

And what he mean is: There is a socket buffer allocated by Windows for each socket connection and the buffer on your App. (on OSI Layer 7)

Therefore I dont think that it is possible to get a buffer overflow with the PB Command couse it should block the next datagram and gives a socket_error on the sender-side.

Mike
All times are UTC+01:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited