[zeromq-dev] Security issues in 0MQ (XML parser)

Pieter Hintjens ph at imatix.com
Tue Jun 1 10:10:57 CEST 2010


Martin,

Here is a patch with my changes for the most serious issues in the
parser.  There is one unguarded sprintf, and several cases where file
handles would be leaked.

-Pieter

On Tue, Jun 1, 2010 at 9:55 AM, Pieter Hintjens <ph at imatix.com> wrote:
> Martin,
>
> Douglas Held of Fortify did a scan of the source and found about 150
> potential issues, most of them in the XML parser.  There are some
> fairly serious ones there (leaks, buffer exploits).  I'll send you
> patches, but perhaps it's worth contacting the author to see if he has
> an updated version.
>
> -Pieter
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xmlParser.diff
Type: text/x-patch
Size: 3157 bytes
Desc: not available
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20100601/5bb38e92/attachment.bin>

