[zeromq-dev] Vulnerability of devices to incoming messages

MinRK benjaminrk at gmail.com
Tue Aug 10 08:34:32 CEST 2010


Hello,

I'm using ZMQ devices for parallel computing in IPython.  One of our devices
is a Queue with XREQ on one side and XREP on the other. This model, like any
device where one socket requires an IDENT prefix (XREP), and the other does
not prepend a message (anything other than XREP), is vulnerable to invalid
messages. If the socket that is not XREP receives a single message, that
will be relayed to the XREP as a message with routing IDENTITY but no
content. This fails an assertion, and triggers SIGABRT, bringing down the
entire process.

It is a security concern for us that _incoming_ messages have the ability to
crash the device process. Are there any standard models or plans for ZMQ
devices that can survive invalid messages like this?

-MinRK
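
An added example, not part of the original post and not ZeroMQ or IPython code: a plain-Python model of the relay step that checks a message's frames before handing it to the identity-routing (XREP) side and drops invalid messages instead of aborting. The names `check_routable`, `relay_to_xrep` and `RelayStats`, and the list-of-bytes message shape, are assumptions for illustration; no ZeroMQ calls are made.

```python
# Added illustration. A multipart message is modelled as a list of bytes
# frames (assumed shape); the relay validates before forwarding.

class RelayStats:
    """Counts forwarded and dropped messages so drops are observable."""
    def __init__(self):
        self.forwarded = 0
        self.dropped = 0
        self.reasons = {}

    def drop(self, reason):
        self.dropped += 1
        self.reasons[reason] = self.reasons.get(reason, 0) + 1


def check_routable(frames):
    """Return None if frames may go to the XREP side, else a reason string."""
    if not frames:
        return "empty message"
    if len(frames) < 2:
        # The case from the post: the only frame is taken as the routing
        # identity, leaving a message with no content.
        return "identity only, no content"
    if len(frames[0]) == 0:
        # Policy choice of this sketch: refuse an empty identity frame.
        return "empty identity frame"
    return None


def relay_to_xrep(incoming, send, stats):
    """Forward each valid message through send(); count and skip the rest."""
    for frames in incoming:
        reason = check_routable(frames)
        if reason is not None:
            stats.drop(reason)
            continue
        send(frames)
        stats.forwarded += 1
    return stats


def demo():
    # Constructed sample traffic: two well-formed messages, three invalid.
    traffic = [[b"engine-1", b"", b"result"], [b"garbage"], [],
               [b"", b"payload"], [b"engine-2", b"ok"]]
    sent = []
    stats = relay_to_xrep(traffic, sent.append, RelayStats())
    return sent, stats
```
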