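/* formatme modified by feakk from Yoann Guillot and Julien Tinnes, used 'man select_tut' as skeleton */
/*
 * Deliberately vulnerable teaching target: a forking TCP echo server whose
 * reply is produced by passing the client's bytes straight to snprintf() as
 * the format string (see handle_client()). The include list below was
 * reconstructed from what the code uses; the original list was lost in
 * extraction.
 */
#define _POSIX_C_SOURCE 200809L

#include <ctype.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

#define LISTEN_PORT 4546

/* Receive/format buffer size. Was a `const int` local, which made the buffers VLAs. */
enum { BUFLEN = 255 };

/*
 * Print buf with whitespace dropped and non-printable bytes shown as \xNN,
 * so a captured message can be inspected without the terminal interpreting
 * control bytes. Bytes are widened through unsigned char before the
 * <ctype.h> calls: handing them a negative plain char is undefined behaviour.
 *
 * buf: NUL-terminated string; must not be NULL.
 */
void hprint(const char *buf)
{
    for (size_t i = 0; buf[i] != '\0'; i++) {
        unsigned char c = (unsigned char)buf[i];
        if (isspace(c)) {
            continue;
        }
        if (isprint(c)) {
            printf("%c", c);
        } else {
            printf("\\x%02x", c);
        }
    }
}

/*
 * Serve one accepted connection (runs in the forked child): read a message,
 * push it through snprintf() and echo the result back on fd.
 *
 * fd: connected socket; closed before returning on every path.
 * Returns the child's exit status: -1 on read/snprintf failure or an empty
 * read, 42 (6*7) after a reply was attempted.
 */
static int handle_client(int fd)
{
    char buf[BUFLEN];
    char fub[BUFLEN];

    /* Read at most BUFLEN-1 bytes so the terminator written below stays in
     * bounds (reading BUFLEN bytes and then storing buf[BUFLEN] is an
     * off-by-one write past the array). */
    ssize_t nread = read(fd, buf, BUFLEN - 1);
    if (nread < 0) {
        perror("read");
    }
    if (nread <= 0) {
        close(fd);
        return -1;
    }
    buf[nread] = '\0'; /* Prevent the other classical exploit (unterminated overflow) */

    /*
     * INTENTIONAL VULNERABILITY -- this is the exercise's target: client data
     * is used as the snprintf() format string (CWE-134, uncontrolled format
     * string). Never do this in real code; the safe form is
     *     snprintf(fub, BUFLEN, "%s", buf);
     */
    int len = snprintf(fub, BUFLEN, buf);
    if (len < 0) {
        /* Without this check a negative length would become a huge size_t in write(). */
        perror("snprintf");
        close(fd);
        return -1;
    }
    /* snprintf() reports the untruncated length; fub holds at most BUFLEN-1 chars. */
    size_t nout = (size_t)len < (size_t)BUFLEN ? (size_t)len : (size_t)BUFLEN - 1;
    if (write(fd, fub, nout) < 0) {
        perror("write");
    }
    close(fd);
    return 6 * 7;
}

/*
 * Bind LISTEN_PORT on every interface and fork one child per accepted
 * connection. Returns -1 if any socket setup step or accept() fails; the
 * accept loop otherwise never ends. Children exit with handle_client()'s
 * status.
 */
int main(void)
{
    struct sockaddr_in a;
    int s, mysock;
    int yes = 1;

    if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
        perror("socket");
        return -1;
    }
    if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof yes) < 0) {
        perror("setsockopt");
        close(s);
        return -1;
    }

    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_port = htons(LISTEN_PORT);
    /* sin_addr is left zeroed == INADDR_ANY: the service listens on all
     * interfaces. For a lab box, setting sin_addr to a loopback/lab address
     * keeps the target off the public network. */

    if (bind(s, (struct sockaddr *)&a, sizeof a) < 0) {
        perror("bind");
        close(s);
        return -1;
    }
    if (listen(s, 10) < 0) { /* was unchecked */
        perror("listen");
        close(s);
        return -1;
    }

    /* Children are never waited for; ignoring SIGCHLD lets the kernel reap
     * them instead of leaving one zombie per connection. */
    signal(SIGCHLD, SIG_IGN);

    printf("Send your format string exploit to port %d\n", (int)LISTEN_PORT);

    for (;;) {
        mysock = accept(s, NULL, NULL);
        if (mysock == -1) {
            perror("accept");
            close(s);
            return -1;
        }

        pid_t pid = fork();
        if (pid < 0) {
            /* `if (!fork())` treated a failed fork as "I am the parent" and
             * silently dropped the client; report it and keep serving. */
            perror("fork");
            close(mysock);
            continue;
        }
        if (pid == 0) {
            close(s); /* the child only needs the connected socket */
            return handle_client(mysock);
        }
        close(mysock); /* parent: the child owns the connection now */
    }
}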