1

I have a couple of questions about C#.NET client/server applications that communicate via Tcp.

  1. How can I best secure my Tcp listener from buffer overflow attacks? I would imagine it occurs at the point at which I read a line off the StreamReader that is associated with the given TcpClient's NetworkStream, but I don't know specifics.

  2. Would someone point me to a really good TcpClient .NET with SSL (via SslStream I guess) tutorial or document?

Thanks guys.

kmarks2
  • 4,755
  • 10
  • 48
  • 77
  • possible duplicate of [Is buffer overflow/overrun possible in completely managed asp.net c# web application](http://stackoverflow.com/questions/156445/is-buffer-overflow-overrun-possible-in-completely-managed-asp-net-c-sharp-web-ap) – jgauffin Nov 23 '11 at 15:49
  • Possible duplicate of http://stackoverflow.com/questions/252365/creating-a-tcp-client-connection-with-ssl – jgauffin Nov 23 '11 at 15:49

1 Answers1

3

  1. .NET throws exceptions if you try to write outside buffers.

  2. That's a very broad question. You'll just wrap the NetworkStream with a SslStream and authenticate as a client or server.

Example:

var secureStream = new SslStream(tcpClient.GetStream());

MSDN has an example here.

Hazel へいぜる
  • 2,751
  • 1
  • 12
  • 44
jgauffin
  • 99,844
  • 45
  • 235
  • 372
  • Are the build in .NET defenses reliable and consistent? I have noticed some parts of the framework that are buggy and I'd hate to put faith in something that isn't bulletproof. – kmarks2 Nov 23 '11 at 15:44
  • We either trust .NET or we don't. I wouldn't go adding a lot of extra checks just to safe. – jgauffin Nov 23 '11 at 15:48