You have a whole bunch of flaws in your program that can cause the client to crash (and you can probably make the server crash too, although I haven't really looked into it.)
Here are some places that you need to examine:
    case IDC_SEND:
    {
        int len=GetWindowTextLength(GetDlgItem(hwnd,IDC_MAIN_EDIT));
        if(len > 0)
        {
            GetDlgItemText(hwnd,IDC_MAIN_EDIT,new_data,len+1);
            SetDlgItemText(hwnd,IDC_MAIN_EDIT,"");

First off, this causes an overflow on new_data. The problem here is that you're getting the length of the message, and then you're allowing that much data to be copied into new_data. The purpose of the last parameter of GetDlgItemText is to truncate data if it's too long; it relies entirely on the fact that your length calculation is correct. Meaning, since new_data is 1024 bytes long (give or take; compilers and optimizations cause nuances in things like this), if you type in 5000 characters, your program will copy it without problem because the last parameter of GetDlgItemText will say at that point "Let 5000+1 characters go through." What you need to change that to is something like this:
    GetDlgItemText(hwnd,IDC_MAIN_EDIT,new_data,sizeof(new_data)-3);

That will ensure that new_data is not overflowed.
Next:
    strcpy(message,username);
    strcat(message," : ");
    strcat(message,new_data);
Now, you've truncated new_data, and because new_data and message have the same length, you'd think that you couldn't overflow the message variable. Wrong; look at this code fragment:
    case IDC_CHANGENAME:
    {
        int len=GetWindowTextLength(GetDlgItem(hwnd,IDC_MAIN_EDIT));
        if(len > 0)
        {
            char *new_name;
            new_name=(char *)GlobalAlloc(GPTR,len+1);
            GetDlgItemText(hwnd,IDC_MAIN_EDIT,new_name,len+1);
            strcpy(username,"<");
            strcat(username,new_name);
            strcat(username,">");
            SetDlgItemText(hwnd,IDC_MAIN_EDIT,"");
        }
        else
        {
            MessageBox(NULL,"please select a username","msg",NULL);
        }
    }
There are more problems here: you allocate a buffer big enough to hold the name. Good; however, you then copy that onto the username variable, which is only supposed to be 50 characters in length, and you copy it without length checking anyway. You can overflow this too, but let's say that you fix the first problem I pointed out (with new_data) and so only 1020 characters of data or so are copied into new_data. Okay, but then you strcat the 'username' variable onto it, which can be (legitimately) 50 characters, so you're overflowing 1070-or-so characters into a 1024-character buffer.
My advice to fix these bugs is that you start checking out your program logic a little more and start using functions like this:
A) snprintf
B) strncpy*
Hope this helped.
* strncpy is still not entirely safe. It will -not- terminate the destination buffer with a \0 character, so you could have non-null termination issues; here's an example:
    char dest[256],finaldest[256];
    strncpy(dest,user_input,sizeof(dest));
    strcpy(finaldest,dest);
If user_input is, say, 500 characters long, dest won't be null terminated by strncpy. Meaning that in the second strcpy, any adjacent buffers next to 'dest' could cause an overflow very easily, since strcpy copies until a null is found. Here's a safe macro to ensure this won't happen:
    /* ensures safe null termination on the dest buffer if it is
       used in subsequent copies; size is the size of dest in bytes
       (the copy must use size, not sizeof(src), which would be the
       size of a pointer when src is a char *) */
    #define safer_strncpy(dest,src,size) \
        do { strncpy((dest),(src),(size)); (dest)[(size)-1] = '\0'; } while (0)
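An added C example (not part of the post above, and not the original program's code) that puts the advice together: a bounded copy that always terminates and reports truncation, the "<name> : message" line built with snprintf and its return value checked, and a small check reproducing the strncpy non-termination case from the footnote. The buffer sizes NAME_SZ and MSG_SZ are assumed from the post's 50-character username and 1024-byte message buffer.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical sizes mirroring the post (constructed, not the OP's code) */
#define NAME_SZ 50
#define MSG_SZ  1024

/* Bounded copy that always NUL-terminates dest (size bytes);
   returns 1 if src was truncated, 0 if it fit. */
int safer_strncpy(char *dest, const char *src, size_t size)
{
    size_t n = strlen(src);
    if (size == 0) return 1;
    if (n >= size) {
        memcpy(dest, src, size - 1);
        dest[size - 1] = '\0';
        return 1;
    }
    memcpy(dest, src, n + 1);
    return 0;
}

/* Builds "<name> : text" with snprintf, which never writes past outsz
   and always terminates; returns 1 if the result was cut short. */
int build_message(char *out, size_t outsz, const char *name, const char *text)
{
    int written = snprintf(out, outsz, "<%s> : %s", name, text);
    return written < 0 || (size_t)written >= outsz;
}

/* The footnote's hazard: plain strncpy into a 16-byte buffer leaves no
   terminator once input reaches 16 chars. Returns 1 if unterminated. */
int strncpy_leaves_unterminated(const char *input)
{
    char dest[16];
    strncpy(dest, input, sizeof dest);
    return memchr(dest, '\0', sizeof dest) == NULL;
}

int main(void)
{
    char name[NAME_SZ], msg[MSG_SZ], long_name[NAME_SZ + 20];
    memset(long_name, 'A', sizeof long_name - 1);   /* constructed 69-char name */
    long_name[sizeof long_name - 1] = '\0';
    printf("name truncated: %d\n", safer_strncpy(name, long_name, sizeof name));
    printf("msg truncated: %d\n", build_message(msg, sizeof msg, name, "hi"));
    printf("strncpy unterminated: %d\n", strncpy_leaves_unterminated(long_name));
    return 0;
}
```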