[zeromq-dev] Vulnerability of devices to incoming messages

Martin Sustrik sustrik at moloch.sk
Sat Aug 14 01:20:23 CEST 2010


Ok,

Malformed frame should NOT crash the process.

It should be dropped silently.

Just image if it returns error. What would a device do with the error? 
It can either assert of drop the message. which brings us back where we 
were at the beginning.

However, there's also diagnostics aspect of the problem. You may want to 
see that something strange happened as a warning that there's a bug 
somewhere or that there's an attack going on.

For such purposes there should be an 'error' endpoint that you can 
connect to and subscribe for error events.

This is also consistent with the fact that the errors happen 
asynchronously and thus cannot be returned from 0MQ API directly.

Martin



More information about the zeromq-dev mailing list