[zeromq-dev] Vulnerability of devices to incoming messages

Brian Granger ellisonbg at gmail.com
Sun Aug 29 22:06:54 CEST 2010


Did your fix get merged?



On Wed, Aug 11, 2010 at 11:41 AM, Pieter Hintjens <ph at imatix.com> wrote:
> On Wed, Aug 11, 2010 at 8:37 PM, Matt Weinstein
> <matt_weinstein at yahoo.com> wrote:
>> Here's one argument against this:
>> If you forward a malformed stream to an XREP you have a design flaw, and you
>> should fix it.  Proper input checking should be done.
> This is a good point.  The standard devices could check their input
> before sending it on.  However they don't know the type of the backend
> socket, do they?  So they can't determine whether it needs a multipart
> message or not.  Sorry if I'm not getting this right...
>> Making the traffic disappear without any indication will make error
>> detection and correction much more difficult, especially when dealing with
>> these exotic socket types.
> Indeed.  Silently dropping the message seems wrong.
>> If you do decide to implement the non-strict form, it is still an error IMO
>> and should return an error indication, even if it does not cause massive
>> destruction within the environment.
> OK, I'll leave the branch open until we get consensus on this.
> Thanks
> Pieter
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev

Brian E. Granger, Ph.D.
Assistant Professor of Physics
Cal Poly State University, San Luis Obispo
bgranger at calpoly.edu
ellisonbg at gmail.com

More information about the zeromq-dev mailing list