[zeromq-dev] Vulnerability of devices to incoming messages

Pieter Hintjens ph at imatix.com
Tue Aug 10 19:14:08 CEST 2010

Hi Benjamin,

Thanks for posting the test case, it makes it clear.

At the least the documentation for zmq_device(3) should state what
socket types are safe to use.  Do any other socket types prepend an
identity apart from XREP?


On Tue, Aug 10, 2010 at 10:25 AM, Pieter Hintjens <ph at imatix.com> wrote:
> Benjamin,
> Could you provide a minimal test case that reproduces the problem, and
> perhaps file an issue on the github tracker, thanks.
> -Pieter
> On Tue, Aug 10, 2010 at 8:34 AM, MinRK <benjaminrk at gmail.com> wrote:
>> Hello,
>> I'm using ZMQ devices for parallel computing in IPython.  One of our devices
>> is a Queue with XREQ on one side and XREP on the other. This model, like any
>> device where one socket requires an IDENT prefix (XREP), and the other does
>> not prepend a message (anything other than XREP), is vulnerable to invalid
>> messages. If the socket that is not XREP receives a single message, that
>> will be relayed to the XREP as a message with routing IDENTITY but no
>> content. This fails an assertion, and triggers SIGABRT, bringing down the
>> entire process.
>> It is a security concern for us that _incoming_ messages have the ability to
>> crash the device process. Are there any standard models or plans for ZMQ
>> devices that can survive invalid messages like this?
>> -MinRK

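Added example, not part of the original thread and not ZeroMQ's own code: a pure-Python model of the guard asked about above, in which the relay checks that a multipart message carries an identity frame plus content before it reaches the XREP side. ModelXrep, relay_guarded, relay_unguarded and the sample frames are constructed for illustration; no libzmq calls are made, and a multipart message is modelled as a list of bytes frames.

```python
class ModelXrep:
    """Stand-in for the XREP side, modelled only on the thread's description:
    the first frame is consumed as the routing identity, and a message with
    nothing after it fails an assertion (SIGABRT in the real device)."""

    def __init__(self):
        self.delivered = []  # list of (identity, payload_frames)

    def send_multipart(self, frames):
        if len(frames) < 2:
            raise AssertionError("identity frame with no content")
        self.delivered.append((frames[0], frames[1:]))


def relay_unguarded(inbound, xrep):
    """Forward everything as received: one short message stops the relay."""
    for frames in inbound:
        xrep.send_multipart(frames)


def relay_guarded(inbound, xrep, on_drop=None):
    """Forward only messages that have an identity frame and content.
    Malformed messages are dropped and counted. Returns (sent, dropped)."""
    sent = dropped = 0
    for frames in inbound:
        if len(frames) < 2:
            dropped += 1
            if on_drop is not None:
                on_drop(frames)  # hook for logging or metrics
            continue
        xrep.send_multipart(frames)
        sent += 1
    return sent, dropped


# Constructed sample traffic arriving on the non-XREP side of the device.
SAMPLE = [
    [b"worker-1", b"", b"result 1"],  # identity, delimiter, body
    [b"oops"],                        # single frame: the case from the thread
    [],                               # empty message
    [b"worker-2", b"result 2"],       # identity, body
]

if __name__ == "__main__":
    backend = ModelXrep()
    print(relay_guarded(SAMPLE, backend, on_drop=lambda f: print("drop", f)))
    try:
        relay_unguarded(SAMPLE, ModelXrep())
    except AssertionError as exc:
        print("unguarded relay aborted:", exc)
```
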