Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

string compare validation doesnt work

Posted on 2006-04-19
6
Medium Priority
?
268 Views
Last Modified: 2010-04-15
hi all,
the program involved of the client-server communication, but the communication between both side seems not the cause of problem, after server retrieved the name and password from the client, parameter is pass into the login function to validate the user. but the program output is not as what i expected since the string compare is not work, all the coding for client and server is provided. and a password.txt is a must so that the server side can open the file for validation checking. hopes to see the solution for my problem as soon as possible.

server.c coding:
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <string.h>
#include <time.h>

void dostuff(int);
void error(char *msg);
int login(int sockfd);
int validate(char name[8],char pass[32]);
static char name[8];
static char pass[32];
FILE *loginfile,*logfile;

int main(int argc, char *argv[])
{      int sockfd, newsockfd, portno, clilen, pid;
           struct sockaddr_in serv_addr, cli_addr;

      if (argc < 2)
      {
            fprintf(stderr,"No port number defined\n");
              exit(1);
           }
      sockfd = socket(AF_INET, SOCK_STREAM, 0);
           if (sockfd < 0)
              error("Error opening socket");
           bzero((char *) &serv_addr, sizeof(serv_addr));
           portno = atoi(argv[1]);
           serv_addr.sin_family = AF_INET;
           serv_addr.sin_port = htons(portno);
           serv_addr.sin_addr.s_addr = INADDR_ANY;
           if (bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
                    error("Error on binding");
           listen(sockfd,5);
           clilen = sizeof(cli_addr);
           while (1)
      {            newsockfd = accept(sockfd, (struct sockaddr *) &cli_addr, &clilen);
               if (newsockfd < 0)
                         error("Error accepting incoming connection!\n");
               pid = fork();
               if (pid < 0)
                         error("Error creating child process!\n");
               if (pid == 0)
            {            close(sockfd);
                  login(newsockfd);
                         exit(0);
               }
               else
            {      close(newsockfd);      }
           }
      return 0;
}

void error(char *msg)
{
      perror(msg);
      exit(1);
}

int login(int newsockfd)
{      int n;
      int authorized;
      char temp[256];
      bzero(name,8);
      bzero(pass,32);
      bzero(temp,256);
      n=read(newsockfd,&temp,255);
      if(n<0)
            error("Error reading from socket");
      strcpy(name,temp);
      printf("Name entered: %s",name);
      bzero(temp,256);
      n=read(newsockfd,&temp,255);
      if(n<0)
            error("ERROR reading from socket");
      strcpy(pass,temp);
      printf("Password entered: %s\n",pass);
      bzero(temp,256);

      authorized=(validate(name,pass));

      if(authorized==1)
            printf("success");
      else
            printf("failed");
}

int validate(char name[8],char pass[32])
{      char checkname[8];
      char checkpassword[32];
      printf("Validating user...\n");
      printf("username: %s",name);
      printf("password: %s\n",pass);
      if((loginfile=fopen("password.txt","r"))==NULL)
            printf("Login file not found");
      else
      {      do
            {      fscanf(loginfile,"%s %s",&checkname,&checkpassword);
                  printf("cu: %s cp: %s\n",checkname,checkpassword);
                  if(strcmp(checkname,name)==0)
                  {
                        if(strcmp(checkpassword,pass)==0)
                        {
                              fclose(loginfile);
                              return 1;
                        }
                  }
            }while(!feof(loginfile));
            fclose(loginfile);
            return 0;
      }
}
-----------------------------------------------------------------------------------------------------------
client.c coding
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

void error(char *msg);

int main(int argc, char *argv[])
{          int sockfd, portno, n;
          struct sockaddr_in serv_addr;
          struct hostent *server;
          char buffer[256];
          if (argc < 3)
      {      fprintf(stderr,"Please provide the hostname and port number!\n", argv[0]);
                   exit(0);
          }
          portno = atoi(argv[2]);
          sockfd = socket(AF_INET, SOCK_STREAM, 0);
          if (sockfd < 0)
              error("Error opening socket!");
          server = gethostbyname(argv[1]);
          if (server == NULL)
      {            fprintf(stderr,"Error, no such host!\n");
              exit(0);
          }
          bzero((char *) &serv_addr, sizeof(serv_addr));
          serv_addr.sin_family = AF_INET;
          bcopy((char *)server->h_addr, (char *)&serv_addr.sin_addr.s_addr, server->h_length);
          serv_addr.sin_port = htons(portno);
          if (connect(sockfd,&serv_addr,sizeof(serv_addr)) < 0)
              error("Error connecting");
      printf("Restricted users only.\n");
          printf("Please enter your name: ");
          bzero(buffer,256);
          fgets(buffer,255,stdin);
          n = write(sockfd,buffer,strlen(buffer));
          if (n < 0)
               error("Error writing to socket");
          bzero(buffer,256);
          printf("Please enter your password: ");
          fgets(buffer,255,stdin);
          n = write(sockfd,buffer,strlen(buffer));
          if (n < 0)
               error("Error writing to socket");
          return 0;
}

void error(char *msg)
{
    perror(msg);
    exit(0);
}
-----------------------------------------------------------------------------------------------------------
password.txt:
12345678 1234
23456789 2345
-----------------------------------------------------------------------------------------------------------
server.c result:
user$ server 50000
Name entered: 12345678
Password entered: 1234

Validating user...
username: 12345678
password: 1234

cu: 12345678 cp: 1234
cu: 23456789 cp: 2345
cu: 23456789 cp: 2345
-----------------------------------------------------------------------------------------------------------
client.c result:
user$ client localhost 50000
Restricted users only.
Please enter your name: 12345678
Please enter your password: 1234
user$
0
Comment
Question by:CSLEEDS
  • 3
  • 2
6 Comments
 
LVL 16

Accepted Solution

by:
imladris earned 225 total points
ID: 16493248
HMmm. I can't explain all of your observations in detail. However, I suspect a bunch of the problem is in the validate method.

int validate(char name[8],char pass[32])
{     char checkname[8];
     char checkpassword[32];
     printf("Validating user...\n");
     printf("username: %s",name);
     printf("password: %s\n",pass);
     ...
     ...


You are showing 8 character user names; however, you have only allocated 8 bytes for checkname. This will mean that the trailing zero (that denotes the end of the string) will be overflowing into other memory with unpredictable results.

So, if you ensure that name and checkname are 9 (or perhaps a more generous 10) bytes, that will definitely take care of some possible corruption. It may or may not alter the current behaviour you are getting.
0
 
LVL 5

Assisted Solution

by:cryptosid
cryptosid earned 225 total points
ID: 16493893
Also the definition of the validate function is somewhat doubtful , it should be

int validate(char name[],char pass[])


Regards,
Siddhesh
0
 
LVL 4

Author Comment

by:CSLEEDS
ID: 16494714
ok, now i have increase the size of the name, checkname, pass, checkpassword to 10 and 40 accordingly. beside of that, i have change the definition of the validate function as mentioned by cryptosid as well, but the program stil giving me the same result. any other recommendation?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 4

Author Comment

by:CSLEEDS
ID: 16494788
i got it!
the problem was come from the fgets() function in the client side where the strlen of the buffer should b minus by 1 where the string is automatically append with a \n at the end.

and the code to write the input to buffer should b as shown below:
          fgets(buffer,255,stdin);
          n = write(sockfd,buffer,strlen(buffer)-1);
0
 
LVL 5

Expert Comment

by:cryptosid
ID: 16516261
On second thoughts, what could be happening is. when you specify strlen(buffer) and lets say it includes '\n' character, its possible that '\n' gets converted into 2 characters '\r' and '\l' which results in a buffer overrun when you pass a 8 letter user-id which because of the '\n' would become a 10 letter userid in binary.

I don't know for sure, but a debug might enlighten things up for you, hope the problem is resolved.

Regards,
Siddhesh
0
 
LVL 4

Author Comment

by:CSLEEDS
ID: 16579492
thanks for both of you to giving me a hand, the problem has been solved in the earlier time, sorry for my late respond to accept the answer, thank you!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An Outlet in Cocoa is a persistent reference to a GUI control; it connects a property (a variable) to a control.  For example, it is common to create an Outlet for the text field GUI control and change the text that appears in this field via that Ou…
Summary: This tutorial covers some basics of pointer, pointer arithmetic and function pointer. What is a pointer: A pointer is a variable which holds an address. This address might be address of another variable/address of devices/address of fu…
Video by: Grant
The goal of this video is to provide viewers with basic examples to understand and use nested-loops in the C programming language.
The goal of this video is to provide viewers with basic examples to understand how to create, access, and change arrays in the C programming language.
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question