2

I have a simple Java server program, and I am wondering whether this simple code is safe to run on an unsecured network.

This is some modified code which listens on a port and either sends or gets a message depending on the request.

    try (
        ServerSocket serverSocket = new ServerSocket(portNumber);
        Socket clientSocket = serverSocket.accept();
        PrintWriter out = new PrintWriter(clientSocket.getOutputStream(), true);
        BufferedReader in = new BufferedReader(new InputStreamReader(clientSocket.getInputStream()));
    ) {

        String inputLine;
        String[] details = {"", "", ""};

        for (int index = 0; index < 3; index++) {
            if ((inputLine = in.readLine()) == null) break;
            details[index] = inputLine;
        }

        if (details[0] == 'send_message') {
            sendMessage();
        }
        else {
            getMessage();
        }

    } catch (IOException e) {
        debugPrint(e.getMessage());
    }

I am asking this as I am coming from a C background, and I want to make sure buffer overflowing cannot occur or whether potentially there is anything else.

I recognise that this might be a silly question, however I could not find any information on it.

chris.fy
  • Java has no buffer overflows like C. You might still get `OutOfMemoryException` etc if some bad client just spams data. (the line you get from `readLine` is potentially infinite) – zapl Nov 05 '13 at 19:14
  • 1
    btw replace `details[0] == 'send_message'` with `"send_message".equals(details[0])` since you can't `==` compare `String`. http://stackoverflow.com/questions/513832/how-do-i-compare-strings-in-java – zapl Nov 05 '13 at 19:31
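
The two points raised in the comments above (an unbounded `readLine` and `==` on strings), as an added example that is not part of the original question or comments: a per-line length cap plus a socket read timeout, exercised over a loopback connection. `BoundedLineServer`, `readBoundedLine`, `handle`, the 256-character and 5-second limits and the sample requests are assumptions; `String.repeat` needs Java 11 or later.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;

public class BoundedLineServer {
    static final int MAX_LINE = 256;          // assumed per-line limit
    static final int READ_TIMEOUT_MS = 5000;  // assumed idle limit per read

    // Like readLine(), but fails once a line grows past maxChars instead of buffering it all.
    static String readBoundedLine(Reader in, int maxChars) throws IOException {
        StringBuilder sb = new StringBuilder();
        int c;
        while ((c = in.read()) != -1 && c != '\n') {
            if (sb.length() >= maxChars) throw new IOException("line exceeds " + maxChars + " chars");
            sb.append((char) c);
        }
        if (c == -1 && sb.length() == 0) return null;               // clean EOF, same as readLine()
        int n = sb.length();
        if (n > 0 && sb.charAt(n - 1) == '\r') sb.setLength(n - 1); // accept CRLF line endings
        return sb.toString();
    }

    static String handle(Socket client) throws IOException {
        client.setSoTimeout(READ_TIMEOUT_MS);  // a silent client gets SocketTimeoutException
        Reader in = new BufferedReader(new InputStreamReader(client.getInputStream(), StandardCharsets.UTF_8));
        String[] details = {"", "", ""};
        for (int i = 0; i < details.length; i++) {
            String line = readBoundedLine(in, MAX_LINE);
            if (line == null) break;
            details[i] = line;
        }
        // "send"/"get" are hypothetical stand-ins for sendMessage()/getMessage().
        return "send_message".equals(details[0]) ? "send" : "get";
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: one well-formed request, one oversized first line.
        String[] requests = {"send_message\nalice\nhello\n", "A".repeat(10_000) + "\n"};
        try (ServerSocket server = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            for (String req : requests) {
                try (Socket c = new Socket(server.getInetAddress(), server.getLocalPort());
                     Socket s = server.accept()) {
                    c.getOutputStream().write(req.getBytes(StandardCharsets.UTF_8));
                    c.shutdownOutput();
                    System.out.println(handle(s));
                } catch (IOException e) {
                    System.out.println("rejected: " + e.getMessage());
                }
            }
        }
    }
}
```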

1 Answer

0

No, nothing can happen. JVM is a sandbox that will prevent your socket-based class from modifying anything critical unless you call it yourself from the code. In the worst case, JVM process will just shut down.

PS. Potentially, there might be some security holes in JVM, but you can't protect yourself from those and if those are found, new updates for JVM are made immediately.

Artem Moskalev