[zeromq-dev] Vulnerability of devices to incoming messages
benjaminrk at gmail.com
Tue Aug 10 19:30:38 CEST 2010
It is posted here:
with accompanying gist for reproducing the issue.
On Tue, Aug 10, 2010 at 01:25, Pieter Hintjens <ph at imatix.com> wrote:
> Could you provide a minimal test case that reproduces the problem, and
> perhaps file an issue on the github tracker, thanks.
> On Tue, Aug 10, 2010 at 8:34 AM, MinRK <benjaminrk at gmail.com> wrote:
> > Hello,
> > I'm using ZMQ devices for parallel computing in IPython. One of our
> > is a Queue with XREQ on one side and XREP on the other. This model, like
> > device where one socket requires an IDENT prefix (XREP), and the other
> > not prepend a message (anything other than XREP), is vulnerable to
> > messages. If the socket that is not XREP receives a single message, that
> > will be relayed to the XREP as a message with routing IDENTITY but no
> > content. This fails an assertion, and triggers SIGABRT, bringing down the
> > entire process.
> > It is a security concern for us that _incoming_ messages have the ability
> > crash the device process. Are there any standard models or plans for ZMQ
> > devices that can survive invalid messages like this?
> > -MinRK
> > _______________________________________________
> > zeromq-dev mailing list
> > zeromq-dev at lists.zeromq.org
> > http://lists.zeromq.org/mailman/listinfo/zeromq-dev
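The failure described in the quoted report (a single-frame message forwarded to the XREP side as a routing identity with no content) can be kept out of the device by validating frames before they are relayed. The sketch below is an added example, not code from the thread, ZeroMQ or IPython. The function names are hypothetical, the callables are modelled on pyzmq's `recv_multipart` / `send_multipart`, and the two-frame minimum is taken from the report's description.

```python
# Added example: guard for the non-XREP -> XREP direction of a queue device.
from collections import Counter

# Assumption from the report: XREP needs a routing identity frame
# followed by at least one content frame.
MIN_FRAMES_FOR_XREP = 2


def check_for_xrep(frames):
    """Return None if frames may be handed to XREP, else a reason string."""
    if not isinstance(frames, (list, tuple)) or not frames:
        return "empty message"
    if len(frames) < MIN_FRAMES_FOR_XREP:
        return "identity frame with no content"
    return None


def relay_to_xrep(recv_multipart, send_multipart, max_messages, stats=None):
    """Forward up to max_messages from the non-XREP side to the XREP side.

    recv_multipart / send_multipart are callables shaped like pyzmq's
    Socket.recv_multipart / Socket.send_multipart (lists of bytes frames).
    Malformed messages are counted and dropped, never forwarded.
    """
    stats = Counter() if stats is None else stats
    for _ in range(max_messages):
        frames = recv_multipart()
        reason = check_for_xrep(frames)
        if reason is None:
            send_multipart(frames)
            stats["forwarded"] += 1
        else:
            stats["dropped: " + reason] += 1
    return stats


def demo():
    # Constructed sample traffic arriving on the non-XREP socket.
    incoming = iter([
        [b"client-A", b"result 1"],        # well-formed reply
        [b"stray"],                        # single frame: the case in the report
        [b"client-B", b"", b"result 2"],   # identity, empty delimiter, body
    ])
    sent = []
    stats = relay_to_xrep(lambda: next(incoming), sent.append, 3)
    return sent, stats


if __name__ == "__main__":
    print(demo())
```

The drop counters give an operator something to alert on, so a peer sending malformed traffic shows up in monitoring instead of as a process abort.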