[zeromq-dev] Vulnerability of devices to incoming messages
MinRK
benjaminrk at gmail.com
Tue Aug 10 08:34:32 CEST 2010
Hello,
I'm using ZMQ devices for parallel computing in IPython. One of our devices
is a Queue with XREQ on one side and XREP on the other. This model, like any
device where one socket requires an IDENT prefix (XREP), and the other does
not prepend a message (anything other than XREP), is vulnerable to invalid
messages. If the socket that is not XREP receives a single message, that
will be relayed to the XREP as a message with routing IDENTITY but no
content. This fails an assertion, and triggers SIGABRT, bringing down the
entire process.
It is a security concern for us that _incoming_ messages have the ability to
crash the device process. Are there any standard models or plans for ZMQ
devices that can survive invalid messages like this?
-MinRK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20100809/4fe3e68f/attachment.htm>
More information about the zeromq-dev
mailing list