Why puts function doesn't work with input char from socket in C++?

Question

This is my code for a server running a login manager, that log into a file the malicious access and print out the result of the wrong login. The chars user and pass come from the user input using the socket.

if ((memcmp(user, "admin", strlen("admin")) == 0)) {
    /*code... */
}
else {
    char msg[600];
    strcpy (msg,"Login error with ");
    strcat (msg,"user: ");
    strcat (msg,user);
    strcat (msg," password: ");
    strcat (msg,pass);
    strcat (msg," from: ");
    strcat (msg, client_ip);
    puts (msg);
    logfile->Write(msg);
    return false;
}

Well, the problem is the output both on the output console and in the logfile.

Like this:

Login error with user: lol

 password: asd

:��ܔ��P{w� from: 127.0.0.1

Why are there the strange asci chars? How can avoid the new line since they come from user input by socket?

Answer 1

As multiple people have commented about, this snippet of code contains nothing C++ specific, so I'm answering as if you are working in plain C.

I'm guessing, since you use memcmp above, that your input strings are not null terminated. strcat will keep on appending chars from whatever the pointer wanders into until it runs into a '\0'. You'll need to add a null terminator if you want to use user or password as a C-style string, or else use strncat and pass the length.

Also, beware of overrunning msg. You might have better luck using snprintf to format your message, since it accepts a maximum output string length.

Answer 2

This way you could make your code little bit smaller

if (strcmp(user, "admin") == 0) {
    /* yahoo, admin! */
}
else {
    char buff[256];
    snprintf(buff, sizeof(buff),
            "Login error with user: %s password: %s from: %s",
            user,
            pass,
            client_ip);
    printf("%s\n", buff);
    logfile->Write(buff);
    return false;
}

adding this extra code before if-statement you could ensure strings are valid

printf("user, len:%d, value: %s\n", strlen(user), user);
printf("pass, len:%d, value: %s\n", strlen(pass), pass);
printf("client_ip, len:%d, value: %s\n", strlen(client_ip), client_ip);