[zeromq-dev] zmq_server can be remotely crashed with telnet
Martin Sustrik
sustrik at fastmq.com
Mon Mar 30 14:16:30 CEST 2009
Aamir,
> Thank you for the fix. I also noticed that the same thing happens with
> any program that declares a global object. For example, if you write a
> program to create a global exchange on some port and then telnet to
> that port you can crash the program with bad data.
I've checked this. It seems that when you press Ctrl+C in telnet, it
sends the following 5 bytes to 0MQ: ff f4 ff fd 06 (Wireshark interprets the
sequence as SIGCOMP, see RFC3321). I have no idea what it is supposed to
mean.

In any case, it is interpreted as the header of an extremely large message by
0MQ (~2^63 bytes). 0MQ in turn tries to allocate memory for the
message and fails.

There's no clean way to deal with the problem. The only possibility is
to allow the user to specify the maximal acceptable size of the message - if the
size of an incoming message is larger than the threshold, the connection
would be killed.
Martin
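
The size threshold proposed in the message above, sketched as an added example (not code from the post or from the 0MQ sources). The framing it parses, the names `parse_header` and `Header`, and the 1 MiB limit are assumptions made for illustration; the point is that the declared length is compared with the limit before anything is allocated.

```cpp
#include <cstddef>
#include <cstdint>

// Outcome of inspecting the bytes received so far on one connection.
enum class Header { NeedMore, Ok, TooLarge };

// Assumed framing (illustrative, not taken from the 0MQ sources): one length
// byte; the value 0xff means an 8-byte big-endian length follows instead.
// On Ok, *body_len holds the declared size and *hdr_len the header size.
Header parse_header(const uint8_t *buf, size_t n, uint64_t max_msg_size,
                    uint64_t *body_len, size_t *hdr_len)
{
    if (n < 1)
        return Header::NeedMore;
    uint64_t len = buf[0];
    size_t used = 1;
    if (buf[0] == 0xff) {
        if (n < 9)
            return Header::NeedMore;   // wait for the full 64-bit length
        len = 0;
        for (size_t i = 1; i <= 8; ++i)
            len = (len << 8) | buf[i];
        used = 9;
    }
    // Compare the peer-controlled length with the threshold BEFORE any
    // allocation; the caller closes the connection on TooLarge.
    if (len > max_msg_size)
        return Header::TooLarge;
    *body_len = len;
    *hdr_len = used;
    return Header::Ok;
}

// The five bytes quoted in the message, padded with four constructed zero
// bytes so that the assumed 9-byte header is complete.
static const uint8_t telnet_bytes[9] = {0xff, 0xf4, 0xff, 0xfd, 0x06, 0, 0, 0, 0};
// Constructed well-formed header declaring a 5-byte message.
static const uint8_t small_frame[1] = {0x05};

int main()
{
    uint64_t len = 0;
    size_t hdr = 0;
    const uint64_t limit = 1 << 20;   // hypothetical 1 MiB per-message limit
    bool rejected = parse_header(telnet_bytes, 9, limit, &len, &hdr) == Header::TooLarge;
    bool accepted = parse_header(small_frame, 1, limit, &len, &hdr) == Header::Ok;
    return (rejected && accepted && len == 5) ? 0 : 1;
}
```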