[zeromq-dev] [PATCH] assert on 0 length messages

Martin Sustrik sustrik at 250bpm.com
Fri Aug 27 18:11:36 CEST 2010


Dhammika,

Thanks! Your patch was committed as rev.98dc118.

Martin

On 08/27/2010 05:16 PM, Dhammika Pathirana wrote:
> Submitted under MIT/X11 license.
> Is it possible to make this a mailing list policy?
>
>
> diff --git a/src/zmq_decoder.cpp b/src/zmq_decoder.cpp
> index 8e335c9..3b3e13b 100644
> --- a/src/zmq_decoder.cpp
> +++ b/src/zmq_decoder.cpp
> @@ -55,6 +55,7 @@ bool zmq::zmq_decoder_t::one_byte_size_ready ()
>      else {
>
>          //  TODO:  Handle over-sized message decently.
> +        errno_assert (*tmpbuf != 0);
>
>          //  in_progress is initialised at this point so in theory we should
>          //  close it before calling zmq_msg_init_size, however, it's a 0-byte
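Review bot: errno_assert (*tmpbuf != 0) closes the underflow in *tmpbuf - 1 but keeps the remote crash: a peer that sends a zero length byte now aborts the whole receiving process instead of corrupting its memory, which is still an unauthenticated remote denial of service. Since this is the decoder, the non-fatal path would be to treat the frame as malformed and have one_byte_size_ready fail so the engine tears down that connection, leaving the assert at most as the stopgap the submitter describes. The existing "TODO: Handle over-sized message decently" comment immediately above the new line covers the same problem and could point at that error path rather than an abort.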
>
>
>
>
> On Fri, Aug 27, 2010 at 3:27 AM, Pieter Hintjens<ph at imatix.com>  wrote:
>> Dhammika,
>>
>> Thanks for this patch.  Can you please (and sorry for the double
>> effort) repost this and state that you license it under MIT/X11?  Even
>> a 1-line fix needs to be properly handled.
>>
>> We really need a better way to organize patches IMO...
>>
>> -Pieter
>>
>> On Fri, Aug 27, 2010 at 10:22 AM, Dhammika Pathirana<dhammika at gmail.com>  wrote:
>>> Hi,
>>>
>>> On receiving a new message, the decoder inits a msg with size (*tmpbuf - 1).
>>> But a sender can craft a message such that *tmpbuf is 0 (i.e.
>>> zmq::message_t msg((size_t)-1)).
>>> This creates remote memory corruption in the receiver.
>>>
>>> The patch is a temporary fix; we need a better way to handle malformed messages.
>>>
>>>
>>> Dhammika
>>>
>>>
>>> diff --git a/src/zmq_decoder.cpp b/src/zmq_decoder.cpp
>>> index 8e335c9..3b3e13b 100644
>>> --- a/src/zmq_decoder.cpp
>>> +++ b/src/zmq_decoder.cpp
>>> @@ -55,6 +55,7 @@ bool zmq::zmq_decoder_t::one_byte_size_ready ()
>>>      else {
>>>
>>>          //  TODO:  Handle over-sized message decently.
>>> +        errno_assert (*tmpbuf != 0);
>>>
>>>          //  in_progress is initialised at this point so in theory we should
>>>          //  close it before calling zmq_msg_init_size, however, it's a 0-byte
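Review bot: errno_assert is the macro for failures that carry an errno value, and nothing in this branch sets errno before the new check, so the diagnostic printed when a zero length byte arrives will describe whatever stale errno happens to be set rather than the bad frame; zmq_assert (*tmpbuf != 0) states a plain invariant and is the better fit if an assert is kept here at all.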
>>> _______________________________________________
>>> zeromq-dev mailing list
>>> zeromq-dev at lists.zeromq.org
>>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>>>
>>>
>>
>>
>>
>> --
>> -
>> Pieter Hintjens
>> iMatix - www.imatix.com
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev at lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
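The framing bug Dhammika describes (a one-byte length that counts the flags byte, so the body size is `*tmpbuf - 1` and a zero length byte wraps to `SIZE_MAX`) and the alternative to an abort that the thread asks for, as an added example. This is not libzmq's decoder and not code from anyone in the thread: the frame layout `[length][flags][body]` with `0xff` introducing an 8-byte big-endian length is my reading of the ZMTP/1.0 wire format and is an assumption, as are the names `decode_frame`, `unchecked_body_size`, `max_body` and the `DECODE_*` status codes. The sample frames are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Result codes for the hardened decoder (names are mine, not libzmq's).
enum DecodeStatus {
    DECODE_OK = 0,
    DECODE_NEED_MORE = 1,   // frame not complete yet, wait for more bytes
    DECODE_MALFORMED = 2,   // peer sent a length that cannot be valid; drop it
    DECODE_TOO_LARGE = 3    // length exceeds the receiver's policy limit
};

struct Frame {
    uint8_t flags = 0;
    std::vector<uint8_t> body;
};

// The arithmetic the thread describes: the length byte counts the flags byte
// plus the body, so body size = length byte - 1. Without a check, a length
// byte of 0 wraps to SIZE_MAX and the receiver asks for a SIZE_MAX allocation.
size_t unchecked_body_size(uint8_t length_byte) {
    return static_cast<size_t>(length_byte) - 1;
}

// Hardened decoder. Assumed framing (ZMTP/1.0 style, my reading, not quoted
// from the thread): [length][flags][body], with length == 0xff meaning an
// 8-byte big-endian length follows. Any total length below 1 is malformed
// because it cannot even cover the flags byte; max_body is a receiver-side
// policy limit that turns an absurd length into a clean rejection instead
// of an abort, so the peer cannot crash the process.
DecodeStatus decode_frame(const uint8_t* buf, size_t len, size_t max_body,
                          Frame& out, size_t& consumed) {
    if (len < 1) return DECODE_NEED_MORE;
    size_t header = 1;
    uint64_t total = buf[0];
    if (buf[0] == 0xff) {
        if (len < 9) return DECODE_NEED_MORE;
        total = 0;
        for (int i = 1; i <= 8; ++i) total = (total << 8) | buf[i];
        header = 9;
    }
    // Validate before subtracting: this is the condition the patch makes fatal.
    if (total < 1) return DECODE_MALFORMED;
    uint64_t body = total - 1;
    if (body > max_body) return DECODE_TOO_LARGE;
    if (len < header + total) return DECODE_NEED_MORE;
    out.flags = buf[header];
    out.body.assign(buf + header + 1,
                    buf + header + 1 + static_cast<size_t>(body));
    consumed = header + static_cast<size_t>(total);
    return DECODE_OK;
}

// Small wrappers so a result can be checked from one call.
int status_of(const std::vector<uint8_t>& bytes, size_t max_body = 1024) {
    Frame f;
    size_t consumed = 0;
    return decode_frame(bytes.data(), bytes.size(), max_body, f, consumed);
}

std::string body_of(const std::vector<uint8_t>& bytes) {
    Frame f;
    size_t consumed = 0;
    if (decode_frame(bytes.data(), bytes.size(), 1024, f, consumed) != DECODE_OK)
        return "";
    return std::string(f.body.begin(), f.body.end());
}

size_t consumed_of(const std::vector<uint8_t>& bytes) {
    Frame f;
    size_t consumed = 0;
    decode_frame(bytes.data(), bytes.size(), 1024, f, consumed);
    return consumed;
}

int main() {
    // Constructed frames: a normal one and the crafted zero-length one.
    const std::vector<uint8_t> good = {0x04, 0x00, 'a', 'b', 'c'};
    const std::vector<uint8_t> crafted = {0x00, 0x00, 0x00};
    std::printf("unchecked size for length byte 0: %zu\n", unchecked_body_size(0));
    std::printf("good frame: status %d body '%s' consumed %zu\n",
                status_of(good), body_of(good).c_str(), consumed_of(good));
    std::printf("crafted frame: status %d (malformed, connection should be dropped)\n",
                status_of(crafted));
    return 0;
}
```

The point of `max_body` is that the 8-byte length path has the same shape of problem as the one-byte path: a peer can send any 64-bit value, so the decoder needs a limit it enforces itself rather than trusting the allocator to fail politely.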



