[zeromq-dev] Vulnerability of devices to incoming messages

Pieter Hintjens ph at imatix.com
Wed Aug 11 20:37:12 CEST 2010


On Wed, Aug 11, 2010 at 8:23 PM, MinRK <benjaminrk at gmail.com> wrote:

> That does indeed fix the vulnerability in my code, thanks!
> Is it better for zmq in general, though, for xrep.send('msg') to silently
> fail, rather than raise? It's good for me, but I can imagine others having
> objections.
> I suppose this does better match the behavior of having an unmatched
> identity prefix on a valid message on an xrep, which just vanishes into the
> aether, right?

It's consistent at least.  It might be better to return an error code
so that the application can log it.

I'll commit that to master and close the issue.  Thanks again for
providing the test case, that makes all the difference.

-Pieter



More information about the zeromq-dev mailing list