Found possible bug

david.dda
550 File not found
Posts: 33
Joined: 2009-10-19 11:39
First name: David
Last name: Ope

Re: Found possible bug

#16 Post by david.dda » 2010-01-26 21:09

I am sorry, I can't find any description in the file. Where can I find it?

I have a second question:
there is a function recv(...) in the WinSock2.h file; this function is called, for example, in the AsyncSocketExLayer.cpp file. But I can't find any implementation of the recv(...) function anywhere; I've just found out it's a Microsoft SDK implementation. I need to know how this function works in order to answer the last two questions posted in this thread.

The header of the recv(..) function in the WinSock2.h file (I couldn't find any .cpp file with an implementation):


#if INCL_WINSOCK_API_PROTOTYPES
WINSOCK_API_LINKAGE
int
WSAAPI
recv(
    IN SOCKET s,
    __out_bcount_part(len, return) __out_data_source(NETWORK) char FAR * buf,
    IN int len,
    IN int flags
    );
#endif /* INCL_WINSOCK_API_PROTOTYPES */

Please, can you help me with this. Thank you a lot.

botg
Site Admin
Posts: 35509
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Found possible bug

#17 Post by botg » 2010-01-26 21:37

Trivial, just enter recv and msdn into google, first result: http://msdn.microsoft.com/en-us/library ... 85%29.aspx

david.dda
550 File not found
Posts: 33
Joined: 2009-10-19 11:39
First name: David
Last name: Ope

Re: Found possible bug

#18 Post by david.dda » 2010-01-28 20:20

ok, thank you very much for the reference, I have now studied it all.

So the function recv() is waiting for some kind of data, which is sent out by a client. Please, can you tell me which kind of data is usually received by the recv() function? I mean the string that is saved in the allocated memory created for received messages from clients - the buf variable: recv(char* buf,...)

botg
Site Admin
Posts: 35509
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Found possible bug

#19 Post by botg » 2010-01-28 22:04

It's some binary data. If you follow the call stack you'll quickly identify the function that parses the received data. From there it's easy to see what kind of data is getting transmitted.

david.dda
550 File not found
Posts: 33
Joined: 2009-10-19 11:39
First name: David
Last name: Ope

Re: Found possible bug

#20 Post by david.dda » 2010-02-01 10:55

ok, thank you. So the recv() function receives the data from clients in real time, when both applications are running, right? So when a static source code analyzer reports a warning after this function is called, it's most probably because this function doesn't retrieve any data (it is like a death function for the static analyzer), as there is no send() order from any client. Is that right?

botg
Site Admin
Posts: 35509
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Found possible bug

#21 Post by botg » 2010-02-01 21:28

david.dda wrote:
So when a static source code analyzer reports a warning after this function is called, it's most probably because this function doesn't retrieve any data (it is like a death function for the static analyzer), as there is no send() order from any client. Is that right?

recv is a very common function. Every static code analyzer should know about the semantics of this function.

Also, what is a "death function"?

david.dda
550 File not found
Posts: 33
Joined: 2009-10-19 11:39
First name: David
Last name: Ope

Re: Found possible bug

#22 Post by david.dda » 2010-02-02 10:04

By the term "death function" I mean a function which doesn't retrieve any data. The recv() function is just waiting for any input from a client, but the server has to run in order to receive some data, right? When I scanned the source code using the Fortify static source code analyzer, it found about 30 errors related to the recv() function, reporting a Buffer Overflow (Input Validation and Representation, Data flow). The image below shows the diagram of one of those reported Buffer Overflows. I think that once the source code analyzer gets to the recv() function, it doesn't get back any output data and therefore reports those buffer overflows? Might that be right?

Attachment: 2162878160106173395HUaWFK_fs.jpg (162.53 KiB)

Last edited by boco on 2010-02-02 20:40, edited 1 time in total.
Reason: Re-posted as attachment.

david.dda
550 File not found
Posts: 33
Joined: 2009-10-19 11:39
First name: David
Last name: Ope

Re: Found possible bug

#23 Post by david.dda » 2010-02-02 10:07

The URL of the picture is: http://image69.webshots.com/769/8/78/16 ... WFK_fs.jpg
for copy and paste, if the link is not working properly.

botg
Site Admin
Posts: 35509
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Found possible bug

#24 Post by botg » 2010-02-02 20:18

403 forbidden on both. Can you please attach the files directly to this topic? Should be enabled now.

david.dda wrote:
By the term "death function" I mean a function which doesn't retrieve any data. The recv() function is just waiting for any input from a client, but the server has to run in order to receive some data, right?

Huh? The main (and usually only) purpose of recv is to retrieve data.

david.dda
550 File not found
Posts: 33
Joined: 2009-10-19 11:39
First name: David
Last name: Ope

Re: Found possible bug

#25 Post by david.dda » 2010-02-02 20:30

But can I know which type of data will be retrieved when I am using static analysis? I think that when the source code analyzer is referred to the recv() function (via some other functions), it tries to get the return value of this function, but since the exact return value is not known before the application is running, the source code analyzer reports a buffer overflow? Did you have a look at the picture I've sent you in the previous post?

botg
Site Admin
Posts: 35509
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Found possible bug

#26 Post by botg » 2010-02-02 22:32

david.dda wrote:
But can I know which type of data will be retrieved when I am using static analysis?

The union of all possible results.

david.dda wrote:
since the exact return value is not known before the application is running, the source code analyzer reports a buffer overflow

A good analyser knows the semantics of recv. In particular it knows that recv never writes more data than what got passed to it.
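The bounded-read pattern botg describes, as an added example (not FileZilla Server code): recv() writes at most len bytes into buf, so passing the buffer's remaining capacity as len rules out an overflow no matter what the client sends, and the return value (bytes read, 0 on close, negative on error) is checked on every call. It assumes a POSIX socketpair() in place of a client connection; the BSD recv() has the same contract as the WinSock2 one.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define LINE_MAX_LEN 16   /* deliberately small to exercise the limit */

/* Reads from fd until a '\n' arrives or buf is full (NUL-terminated).
 * Returns bytes stored, -1 on a socket error or if the line does not fit,
 * 0 if the peer closed before sending anything. */
static int recv_line(int fd, char *buf, size_t cap)
{
    size_t used = 0;
    while (used < cap - 1) {
        /* len is the remaining capacity, never the full buffer size */
        ssize_t n = recv(fd, buf + used, cap - 1 - used, 0);
        if (n < 0)
            return -1;              /* socket error */
        if (n == 0)
            break;                  /* peer closed the connection */
        used += (size_t)n;          /* recv wrote at most len bytes */
        if (memchr(buf, '\n', used) != NULL)
            break;                  /* complete line received */
    }
    buf[used] = '\0';
    if (memchr(buf, '\n', used) == NULL && used == cap - 1)
        return -1;                  /* line longer than buffer: reject it */
    return (int)used;
}

static char g_out[LINE_MAX_LEN];    /* holds the last demo result */

/* Feeds a constructed "client" message through a socketpair and reads it
 * back with recv_line(); returns recv_line()'s result, -2 on setup error. */
int demo_recv_line(const char *msg)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -2;
    (void)write(sv[1], msg, strlen(msg));
    close(sv[1]);                   /* client done: recv sees EOF after data */
    int r = recv_line(sv[0], g_out, sizeof g_out);
    close(sv[0]);
    return r;
}

const char *demo_last_line(void) { return g_out; }
```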

david.dda
550 File not found
Posts: 33
Joined: 2009-10-19 11:39
First name: David
Last name: Ope

Re: Found possible bug

#27 Post by david.dda » 2010-02-10 14:36

Hi, I tried to build the source code of FileZilla Server 9_6, 9_15 and 9_32, and after a successful build (ca. 300 warnings, but 0 errors) I tried to launch the server application by double-clicking on the "FileZilla Server.exe" file. The window with the message "Start Server - Yes - No" pops up, but when I choose Yes, the server doesn't start. When I click "FileZilla Server.exe" a second time it asks the same question. When I download the installation file from SourceForge.net and install the server without building the source code, it's working fine - I can start and stop the server by clicking the "FileZilla Server.exe" file. Please, do you know what the problem is? Does the server not work when I build it myself?

botg
Site Admin
Posts: 35509
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Found possible bug

#28 Post by botg » 2010-02-10 19:18

Did you select the Unicode build?

david.dda
550 File not found
Posts: 33
Joined: 2009-10-19 11:39
First name: David
Last name: Ope

Re: Found possible bug

#29 Post by david.dda » 2010-02-10 20:19

How can I select the Unicode build? I built the application with just the following options checked: Release, Win32, and pressed Build Solution.

botg
Site Admin
Posts: 35509
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Found possible bug

#30 Post by botg » 2010-02-10 21:37

In some of the older versions, Release actually meant a narrow-minded ANSI build; you had to explicitly select the Unicode Release configuration. In more recent versions all non-Unicode configurations have been removed.

Try uninstalling the service first, answer the first question with no and you'll be given that option.
