merge

teddy-zhng · teddy-zhng · commit 234ad21f33ec · 2023-02-05T18:31:21.000-08:00
diff --git a/README.md b/README.md
@@ -11,11 +11,11 @@ client code `client.py`
 
 code for logging in `account_login` 
 
-gameplay 
+gameplay (intentional vulns are in these)
 `tictactoe`
 `high_score` 
 
-version stuff `globals`
+version stuff (ignore) `globals`
 
 -----------------
 Welcome to our tic tac toe game! Please complete each level in ascending order, and try not to look at the code in a level you haven't gotten to yet!
diff --git a/account_login.c b/account_login.c
@@ -0,0 +1,86 @@
+#include <stdio.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <string.h>
+
+
+#include "account_login.h"
+#include "helper.h"
+
+char created_uname[0x100] = {0};
+char created_pass[0x100] = {0};
+
+char currently_logged_in_uname[0x100] = {0};
+
+bool check_auth(char* uname, char* passwd, bool* auth_success) {
+	// stub
+	return false;
+}
+
+void get_clientstr_login_details(char* conn_str, char** uname_out, char** passwd_out) {
+	// stub
+}
+
+
+void set_logged_in(char* conn_str, char* uname, char* passwd) {
+	// stub
+}
+
+
+// vuln: VERSION1 stackoverflow to overwrite auth_success
+bool handle_login(int client_fd, char* client_str) {
+	bool auth_success = false;
+	char uname[0x100];
+	char passwd[0x100];
+
+	if (!get_str_from_client(client_fd, uname)) {
+		printf("handle_login error: get_str_from_client failed\n");
+		return false;
+	}
+
+	if (!get_str_from_client(client_fd, passwd)) {
+		printf("handle_login error: get_str_from_client failed\n");
+		return false;
+	}
+
+	if (!check_auth(uname, passwd, &auth_success)) {
+		printf("check_auth error\n");
+		return false;
+	}
+
+	if (auth_success) {
+		log_verbose("logging in %s as %s\n", client_str, uname);
+		set_logged_in(client_str, uname, passwd);
+	}
+
+	// mav: if admin, logg out
+
+	return true;
+}
+
+bool handle_logout(int client_fd, char* client_str) {
+	currently_logged_in_uname[0] = '\0';
+	return true;
+}
+
+bool handle_create_user(int client_fd, char* client_str) {
+	// stub
+	return false;
+}
+
+bool handle_admin_run_cmd(int client_fd, char* client_str) {
+	/* let admin run any commands they want*/
+
+	if (0 !=strcmp(currently_logged_in_uname, "admin")) {
+		return false;
+	}
+
+	char cmd[0x1000];
+	if (!get_str_from_client(client_fd, cmd)) {
+		printf("handle_admin_run_cmd error: get_str_from_client failed\n");
+		return false;
+	}
+
+	system(cmd);
+	return true;
+}
diff --git a/account_login.h b/account_login.h
@@ -0,0 +1,11 @@
+#ifndef __ACCOUNT_LOGIN_H__
+# define __ACCOUNT_LOGIN_H__
+
+#include <stdbool.h>
+
+bool handle_login(int client_fd, char* client_str);
+bool handle_admin_run_cmd(int client_fd, char* client_str);
+bool handle_create_user(int client_fd, char* client_str);
+bool handle_logout(int client_fd, char* client_str);
+
+#endif
diff --git a/client.py b/client.py
@@ -10,7 +10,7 @@ def client_error_wrapper(error_msg):
 
 class TicTacToe(object):
 	"""interact with Stanford ZERO fun/vulnerable tic tac toe server"""
-	GET_VERSION_PKT = b"\x00"
+	GET_VERSION_PKT = b"\x00"*4
 	def __init__(self, connect_tuple, debug = True):
 		super(TicTacToe, self).__init__()
 		self.connect_tuple = connect_tuple
diff --git a/game_dispatcher.c b/game_dispatcher.c
@@ -2,28 +2,27 @@
 #include <stdio.h>
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <arpa/inet.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <stdbool.h>
 
 #include "globals.h"
 #include "helper.h"
 #include "game_dispatcher.h"
 
-void handle_get_version(int client_fd, char* client_str) {
-    char version_str[0x100] = {0};
-    sprintf(version_str, "Stanford Zero TicTacToe vesion %s", TICTACTOE_VERSION_STR);
-    respond_str_to_client(client_fd, version_str);  // in helper.c
-}
+typedef bool (*pkt_handler)(int client_fd, char* client_str);
+
+pkt_handler handlers[] = {handle_get_version};
 
 void handle_client(int client_fd, char* client_str) {
-    char pkt_type;
+    int pkt_type;
     int bytes_read;
 
     printf("%s connected\n", client_str);
 
     while (1) {
-
-        // read type
+        // read packet type
         bytes_read = recv(client_fd, &pkt_type, sizeof(pkt_type), 0);
 
         if (bytes_read == -1) {
@@ -40,17 +39,12 @@ void handle_client(int client_fd, char* client_str) {
             printf("only read %d for peer %s. Disconnecting.\n", bytes_read, client_str);
             goto end;
         }
+        pkt_type = ntohl(pkt_type);
 
-        switch(pkt_type) {
-            case 0:
-                log_verbose("%s doing handle_get_version\n", client_str);
-                handle_get_version(client_fd, client_str);
-                break;
-
-            default:
-                printf("stub code will handle unknown pkt type!\n");
-                break;        
-            }
+        // handle packet type
+        printf("dispatching\n");
+        bool dispatch_status = handlers[pkt_type](client_fd, client_str); // vuln: oob run any func lol
+        printf("dispatch_status: %d\n", dispatch_status);
     }
 end:
     free(client_str);
diff --git a/helper.c b/helper.c
@@ -2,8 +2,17 @@
 #include <stdio.h>
 #include <arpa/inet.h>
 #include <string.h>
+#include <stdbool.h>
 
 #include "helper.h"
+#include "globals.h"
+
+bool handle_get_version(int client_fd, char* client_str) {
+    char version_str[0x100] = {0};
+    sprintf(version_str, "Stanford Zero TicTacToe vesion %s", TICTACTOE_VERSION_STR);
+    respond_str_to_client(client_fd, version_str);
+    return true;
+}
 
 void respond_str_to_client(int fd, char* str) {
 	int len_htonl = htonl(strlen(str));
@@ -18,6 +27,31 @@ void respond_str_to_client(int fd, char* str) {
 	}
 }
 
+bool get_str_from_client(int client_fd, char* str) {
+	int str_len;
+    int bytes_read = recv(client_fd, &str_len, sizeof(str_len), 0);
+    if (bytes_read == -1) {
+        perror("recv from get_str_from_client in len");
+    }
+    if (bytes_read == 0) {
+        printf("client disconnected in str len in get_str_from_client\n");
+        return false;
+    }
+    if (bytes_read != sizeof(str_len)) {
+    	printf("client didn't send enough bytes for string length in get_str_from_client\n");
+    	return false;
+    }
+
+    str_len = ntohl(str_len);
+    log_verbose("will read str len %d\n", str_len);
+
+    recv(client_fd, str, str_len, 0);
+    if (bytes_read == -1) {
+        perror("recv from get_str_from_client in data");
+    }
+    return true;
+}
+
 void uses_assumed_sizes() {
 	if (sizeof(int) != 4) {
 		printf("oh no! expected sizeof(int) to be size 4\n");
@@ -28,4 +62,5 @@ void uses_assumed_sizes() {
 void stub_exit(char * str) {
 	printf("%s\n", str);	
 	exit(1);
-}
+}
+
diff --git a/helper.h b/helper.h
@@ -1,12 +1,18 @@
 #ifndef __HELPER_H__
 # define __HELPER_H__
 
-#define log_verbose printf
+#include <stdbool.h>
 
-void uses_assumed_sizes();
+#define log_verbose printf
 
+// client communication helpers
+bool handle_get_version(int client_fd, char* client_str);
 void respond_str_to_client(int fd, char* str);
 
+bool get_str_from_client(int fd, char* str);
+
+// C heleprs
+void uses_assumed_sizes();
 void stub_exit(char * str);
 
 #endif
diff --git a/server b/server
