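#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* 6 characters: big enough to hold "hacked" plus the terminating NUL. */
#define MAX_LINE 7
#define LISTENQ 100
#define INIT_VALUE 0

/*
 * A demonstration of vulnerable buffer code: badRead() copies a line from
 * the socket into `buf` without knowing how large `buf` is, whereas the
 * system read() is bounded by its length argument.
 */
int badRead( int fd, char *buf );

/*
 * Echo server used to observe the effect of an unbounded copy.
 *
 * The locals preTargetInt/preTargetString and postTargetInt/postTargetString
 * are declared around clientSentence so that a line longer than MAX_LINE-1
 * bytes, copied in by badRead(), can be seen corrupting neighbouring stack
 * data in the printouts after each connection. Writing past clientSentence
 * is undefined behaviour; what is actually observed depends on the
 * compiler's stack layout, optimisation level and hardening such as stack
 * protectors, so the printouts are illustrative, not guaranteed.
 *
 * Returns 0 on normal exit; returns EXIT_FAILURE if the listening socket
 * cannot be created, bound to any port from 6789 upwards, or put into the
 * listening state.
 */
int main(int argc, char **argv)
{
    (void)argc;
    (void)argv;

    int baseport = 6789;
    /* Designated initialiser: every other field (incl. padding) starts zeroed. */
    struct sockaddr_in servaddr = {
        .sin_family = AF_INET,
        .sin_addr.s_addr = htonl(INADDR_ANY),
        .sin_port = htons(baseport),
    };

    int preTargetInt = INIT_VALUE;
    char preTargetString[MAX_LINE] = "";
    char clientSentence[MAX_LINE];
    char postTargetString[MAX_LINE] = "";
    int postTargetInt = INIT_VALUE;

    int welcomeSocket = socket(AF_INET, SOCK_STREAM, 0);
    if (welcomeSocket < 0) {
        /* Without this check the bind() loop below would never terminate. */
        perror("socket");
        return EXIT_FAILURE;
    }

    /* Walk upwards from baseport until a free port is found, but stop at the
     * top of the port range instead of letting htons() truncate silently. */
    while (bind(welcomeSocket, (struct sockaddr *) &servaddr, sizeof(servaddr))) {
        if (baseport >= 65535) {
            perror("bind");
            close(welcomeSocket);
            return EXIT_FAILURE;
        }
        baseport++;
        servaddr.sin_port = htons(baseport);
    }
    printf( "Bound to port %i\n", baseport );

    if (listen(welcomeSocket, LISTENQ) < 0) {
        perror("listen");
        close(welcomeSocket);
        return EXIT_FAILURE;
    }

    while (1) {
        int connectionSocket = accept(welcomeSocket, (struct sockaddr *) NULL, NULL);
        if (connectionSocket < 0) {
            /* A failed accept() is not fatal for the demo; keep serving. */
            perror("accept");
            continue;
        }

        /* Bounded alternative: the kernel stops after MAX_LINE bytes.
         * bytesRead = read(connectionSocket, clientSentence, MAX_LINE); */
        /* Unbounded: badRead() has no way of knowing clientSentence holds
         * only MAX_LINE bytes — this call is the vulnerability being shown. */
        int bytesRead = badRead(connectionSocket, clientSentence);
        if (bytesRead < 0) {
            perror("badRead");
            close(connectionSocket);
            continue;
        }

        printf( "Recieved: %s, reported length: %i\n", clientSentence, bytesRead );
        /* Echo the line back; short writes are tolerated in this demo. */
        write(connectionSocket, clientSentence, (size_t) bytesRead);
        write(connectionSocket, "\n", 1);
        close(connectionSocket);

        /* If any of these differ from their initial values, badRead() wrote
         * past the end of clientSentence. */
        printf( "preTargetInt is: %i, it should be %i \n", preTargetInt, INIT_VALUE );
        printf( "postTargetInt is: %i, it should be %i \n", postTargetInt, INIT_VALUE );
        printf( "preTargetString: %s\n", preTargetString );
        printf( "postTargetString: %s\n", postTargetString );
    }

    close(welcomeSocket);
    return 0;
}

/*
 * Read one line (terminated by '\n' or '\r') from fd into buf, storing a
 * NUL in place of the terminator.
 *
 * This is the deliberately vulnerable half of the demonstration: the
 * function takes no length parameter, so it cannot know how large buf is
 * and keeps storing bytes for as long as the peer keeps sending them. The
 * system read() is bounded by its count argument; this function relies on
 * an unenforceable promise from the caller that the line will fit.
 *
 * Returns the number of bytes stored before the terminator (the string
 * length of buf). End of stream is treated as end of line, so a line the
 * peer closes without a terminator is still returned instead of spinning
 * forever on a zero-length read. Returns -1 if read() fails; buf is
 * NUL-terminated after the bytes copied so far in every case.
 */
int badRead( int fd, char *buf )
{
    int length = 0;

    for (;;) {
        char c;
        ssize_t size = read(fd, &c, 1);

        if (size < 0) {
            /* read() failed (bad descriptor, reset, ...): terminate and report. */
            buf[length] = '\0';
            return -1;
        }
        if (size == 0 || c == '\n' || c == '\r') {
            /* End of line, or the peer closed the connection. */
            buf[length] = '\0';
            return length;
        }
        buf[length] = c;   /* no bounds check against buf's size: the bug being shown */
        length++;
    }
}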