[zeromq-dev] Vulnerability of devices to incoming messages
benjaminrk at gmail.com
Tue Aug 10 08:34:32 CEST 2010
I'm using ZMQ devices for parallel computing in IPython. One of our devices
is a Queue with XREQ on one side and XREP on the other. This model, like any
device where one socket requires an IDENT prefix (XREP), and the other does
not prepend a message (anything other than XREP), is vulnerable to invalid
messages. If the socket that is not XREP receives a single message, that
will be relayed to the XREP as a message with routing IDENTITY but no
content. This fails an assertion, and triggers SIGABRT, bringing down the
It is a security concern for us that _incoming_ messages have the ability to
crash the device process. Are there any standard models or plans for ZMQ
devices that can survive invalid messages like this?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the zeromq-dev