[zeromq-dev] Security issues in 0MQ (XML parser)
ph at imatix.com
Tue Jun 1 10:10:57 CEST 2010
Here is a patch with my changes for the most serious issues in the
parser. There is one unguarded sprintf, and several cases where file
handles would be leaked.
On Tue, Jun 1, 2010 at 9:55 AM, Pieter Hintjens <ph at imatix.com> wrote:
> Douglas Held of Fortify did a scan of the source and found about 150
> potential issues, most of them in the XML parser. There are some
> fairly serious ones there (leaks, buffer exploits). I'll send you
> patches, but perhaps it's worth contacting the author to see if he has
> an updated version.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3157 bytes
Desc: not available
More information about the zeromq-dev