[zeromq-dev] Vulnerability of devices to incoming messages

Pieter Hintjens ph at imatix.com
Tue Aug 10 10:25:34 CEST 2010


Could you provide a minimal test case that reproduces the problem, and
perhaps file an issue on the GitHub tracker? Thanks.


On Tue, Aug 10, 2010 at 8:34 AM, MinRK <benjaminrk at gmail.com> wrote:
> Hello,
> I'm using ZMQ devices for parallel computing in IPython.  One of our devices
> is a Queue with XREQ on one side and XREP on the other. This model, like any
> device where one socket requires an IDENT prefix (XREP), and the other does
> not prepend a message (anything other than XREP), is vulnerable to invalid
> messages. If the socket that is not XREP receives a single message, that
> will be relayed to the XREP as a message with routing IDENTITY but no
> content. This fails an assertion, and triggers SIGABRT, bringing down the
> entire process.
> It is a security concern for us that _incoming_ messages have the ability to
> crash the device process. Are there any standard models or plans for ZMQ
> devices that can survive invalid messages like this?
> -MinRK
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
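
A guard for the failure described in the quoted report, as an added example that is not part of the original thread or of ZeroMQ's device code: the relay step checks the frame layout before handing a message to the XREP side and drops anything XREP could not route. The function names, the fake socket and the sample frames are constructed for illustration; the sockets are assumed to expose pyzmq-style `recv_multipart()` / `send_multipart()`, and the non-empty-identity check is an extra conservative assumption beyond what the report states.

```python
def is_routable(frames):
    """True if frames can go to an XREP socket: an identity frame
    followed by at least one more frame (assumed layout)."""
    return len(frames) >= 2 and len(frames[0]) > 0


def relay_once(inbound, xrep_out, stats):
    """Move one message from the non-XREP side to the XREP side,
    dropping and counting anything that fails the layout check."""
    frames = inbound.recv_multipart()
    if not is_routable(frames):
        stats["dropped"] += 1      # drop instead of letting the device abort
        return False
    xrep_out.send_multipart(frames)
    stats["forwarded"] += 1
    return True


class FakeSocket:
    """Constructed stand-in for a socket so the logic runs offline."""
    def __init__(self, incoming=()):
        self.incoming = list(incoming)
        self.sent = []

    def recv_multipart(self):
        return self.incoming.pop(0)

    def send_multipart(self, frames):
        self.sent.append(list(frames))


def demo():
    # Constructed traffic: a well-formed reply, a single-part message
    # (the case in the report), and a message with an empty identity.
    inbound = FakeSocket([
        [b"engine-1", b"result"],
        [b"stray"],
        [b"", b"payload"],
    ])
    xrep = FakeSocket()
    stats = {"forwarded": 0, "dropped": 0}
    for _ in range(3):
        relay_once(inbound, xrep, stats)
    return stats, xrep.sent


if __name__ == "__main__":
    print(demo())
```

In a real device the dropped count is worth exporting as a metric, since a rising value indicates a peer sending malformed traffic.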
