通过套接字获取线路
是否有一个 libc 函数可以执行与 getline 相同的操作,但可以使用连接的套接字而不是 FILE * 流?
解决方法是在套接字上调用 fdopen。这样做的时候需要注意哪些事项。这样做/不这样做的理由是什么。
这样做的一个明显原因是调用 getline 和 co,但也许重写一些自定义 getline 是一个更好的主意?
Is there a libc function that would do the same thing as getline, but would work with a connected socket instead of a FILE * stream ?
A workaround would be to call fdopen on a socket. What are things that should be taken care of, when doing so. What are reasons to do it/ not do it.
One obvious reason to do it is to call getline and co, but maybe it is a better idea to rewrite some custom getline ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
当您在套接字上调用读取时,它可能会过早返回零值。
例如。
如果 tcp 套接字的内核缓冲区已满,则可以返回小于 bufsize 的值。
在这种情况下,可能需要再次调用读取函数,除非它返回零或负结果。
因此最好避免使用 stdio 函数。您需要为 read 函数创建包装器,以便实现对 read 的迭代调用,从而可靠地获取 bufsize 字节。仅当无法从套接字读取更多字节时,它才应返回零值,就像从本地磁盘读取文件一样。
您可以在计算机系统:程序员的视角 兰德尔·布莱恩特。
源代码位于 此< /a> 站点。查找以 rio_ 开头的函数。
when you call a read on a socket, then it can return a zero value prematurely.
eg.
can return a value less than bufsize if the kernel buffer for the tcp socket is full.
in such a case it may be required to call the read function again unless it returns a zero or a negative result.
thus it is best to avoid stdio functions. you need to create wrappers for the read function in order to implement the iterative call to read for getting bufsize bytes reliably. it should return a zero value only when no more bytes can be read from the socket, as if the file is being read from the local disk.
you can find wrappers in the book Computer Systems: A Programmer's Perspective by Randal Bryant.
The source code is available at this site. look for functions beginning with rio_.
如果套接字连接到不受信任的输入,请为任意时间范围内的任意输入做好准备
解决任意计时和任意问题的一种方法data 将提供读取超时,例如通过 select(2) 并将您实际收到的数据逐字节馈送到一些编写良好的状态机。
If the socket is connected to untrusted input, be prepared for arbitrary input within arbitrary time frame
One way to address the arbitrary timing and arbitrary data would be to provide timeouts on the reads e.g. via select(2) and feed the data you actually receive to some well-written state machine byte by byte.
问题是如果您没有收到新行(\n 或 \r\n,取决于您的实现),程序将挂起。我会编写您自己的版本,该版本还会调用 select() 来检查套接字是否仍然可读/可写并且没有任何错误。实际上,没有办法判断是否有另一个“\n”或“\r\n”即将到来,因此请确保您知道来自客户端/服务器的数据将是一致的。
想象一下,您编写了一个使用 getline() 读取标头的网络服务器。如果攻击者简单地发送
getline 调用,则该调用将永远不会返回,并且程序将挂起。可能会消耗您的资源,最终可能会出现 DoS。
The problem would be if you don't receive the new line (\n or \r\n, depends on your implementation) the program would hang. I'd write your own version that also makes calls to select() to check if the socket is still read/writable and doesn't have any errors. Really there would be no way to tell if another "\n" or "\r\n" is coming so make sure you know that the data from the client/server will be consistent.
Imagine you coded a webserver that reads the headers using getline(). If an attacker simple sent
The call the getline would never return and the program would hang. Probably costing you resources and eventually a DoS would be possible.