Main Content

Incorrect order of network connection operations

Socket is not correctly established due to bad order of connection steps or missing steps

expand all in page

Description

This defect occurs when you perform operations on a network connection at the wrong point of the connection lifecycle.

Risk

Sending or receiving data to an incorrectly connected socket can cause unexpected behavior or disclosure of sensitive information.

If you do not connect your socket correctly or change the connection by mistake, you can send sensitive data to an unexpected port. You can also get unexpected data from an incorrect socket.

Fix

During socket connection and communication, check the return of each call and the length of the data.

Before reading, writing, sending, or receiving information, create sockets in this order:

  • For a connection-oriented server socket (SOCK_STREAM or SOCK_SEQPACKET):

    socket(...);
bind(...);
listen(...);
accept(...);

  • For a connectionless server socket (SOCK_DGRAM):

    socket(...);
bind(...);

  • For a client socket (connection-oriented or connectionless):

    socket(...);
connect(...);

Examples

expand all

# include <stdio.h>
# include <string.h>
# include <time.h> 
# include <arpa/inet.h>
# include <unistd.h>

enum { BUF_SIZE=1025 };

volatile int rd;

int stream_socket_server(int argc, char *argv[])
{
    int listenfd = 0, connfd = 0;
    struct sockaddr_in serv_addr; 
     
    char sendBuff[BUF_SIZE];
    time_t ticks; 
    struct tm * timeinfo;

    listenfd = socket(AF_INET, SOCK_STREAM, 0);
    memset(&serv_addr, 48, sizeof(serv_addr));
    memset(sendBuff, 48, sizeof(sendBuff)); 
    
    serv_addr.sin_family = AF_INET;
    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY);
    serv_addr.sin_port = htons(5000); 
    
    bind(listenfd, (struct sockaddr*)&serv_addr, sizeof(serv_addr)); 
    
    listen(listenfd, 10); 
    
    while(1)
    {
        connfd = accept(listenfd, (struct sockaddr*)NULL, NULL); 
        
        ticks = time(NULL);
        timeinfo = localtime(&ticks);
        strftime (sendBuff,BUF_SIZE,"%I:%M%p.",timeinfo);
     
        write(listenfd, sendBuff, strlen(sendBuff));
        
        close(connfd);
        sleep(1);
    }
}

This example creates a connection-oriented network connection. The function calls the correct functions in the correct order: socket, bind, listen, accept. However, the program should write to the connfd socket instead of the listenfd socket.

Correction — Use Safe Socket

One possible correction is to write to the connfd function instead of the listenfd socket. 

# include <stdio.h>
# include <string.h>
# include <time.h> 
# include <arpa/inet.h>
# include <unistd.h>

enum { BUF_SIZE=1025 };

volatile int rd;

int stream_socket_server_good(int argc, char *argv[])
{
    int listenfd = 0, connfd = 0;
    struct sockaddr_in serv_addr; 
    
    char sendBuff[BUF_SIZE];
    time_t ticks; 
    struct tm * timeinfo;

    listenfd = socket(AF_INET, SOCK_STREAM, 0);
    memset(&serv_addr, 48, sizeof(serv_addr));
    memset(sendBuff, 48, sizeof(sendBuff)); 
    
    serv_addr.sin_family = AF_INET;
    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY);
    serv_addr.sin_port = htons(5000); 
    
    bind(listenfd, (struct sockaddr*)&serv_addr, sizeof(serv_addr));
    listen(listenfd, 10); 
    
    while(1)
    {
        connfd = accept(listenfd, (struct sockaddr*)NULL, NULL); 
        ticks = time(NULL);
        timeinfo = localtime(&ticks);
        strftime (sendBuff,BUF_SIZE,"%I:%M%p.",timeinfo);
        write(connfd, sendBuff, strlen(sendBuff));
        close(connfd);
        sleep(1);
    }
}

Result Information

Group: Security
Language: C | C++
Default: Off
Command-Line Syntax: BAD_NETWORK_CONNECT_ORDER
Impact: Medium

Version History

Introduced in R2015b

See Also

Topics