[zeromq-dev] Vulnerability of devices to incoming messages
Brian Granger
ellisonbg at gmail.com
Sun Aug 29 22:06:54 CEST 2010
Pieter,
Did your fix get merged?
Cheers,
Brian
On Wed, Aug 11, 2010 at 11:41 AM, Pieter Hintjens <ph at imatix.com> wrote:
> On Wed, Aug 11, 2010 at 8:37 PM, Matt Weinstein
> <matt_weinstein at yahoo.com> wrote:
>
>> Here's one argument against this:
>> If you forward a malformed stream to an XREP you have a design flaw, and you
>> should fix it. Proper input checking should be done.
>
> This is a good point. The standard devices could check their input
> before sending it on. However they don't know the type of the backend
> socket, do they? So they can't determine whether it needs a multipart
> message or not. Sorry if I'm not getting this right...
>
>> Making the traffic disappear without any indication will make error
>> detection and correction much more difficult, especially when dealing with
>> these exotic socket types.
>
> Indeed. Silently dropping the message seems wrong.
>
>> If you do decide to implement the non-strict form, it is still an error IMO
>> and should return an error indication, even if it does not cause massive
>> destruction within the environment.
>
> OK, I'll leave the branch open until we get consensus on this.
>
> Thanks
> Pieter
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
--
Brian E. Granger, Ph.D.
Assistant Professor of Physics
Cal Poly State University, San Luis Obispo
bgranger at calpoly.edu
ellisonbg at gmail.com
More information about the zeromq-dev
mailing list