[zeromq-dev] Vulnerability of devices to incoming messages
sustrik at moloch.sk
Sat Aug 14 01:20:23 CEST 2010
Malformed frame should NOT crash the process.
It should be dropped silently.
Just image if it returns error. What would a device do with the error?
It can either assert of drop the message. which brings us back where we
were at the beginning.
However, there's also diagnostics aspect of the problem. You may want to
see that something strange happened as a warning that there's a bug
somewhere or that there's an attack going on.
For such purposes there should be an 'error' endpoint that you can
connect to and subscribe for error events.
This is also consistent with the fact that the errors happen
asynchronously and thus cannot be returned from 0MQ API directly.
More information about the zeromq-dev