[zeromq-dev] Security issues in 0MQ (XML parser)

Pieter Hintjens ph at imatix.com
Tue Jun 1 10:10:57 CEST 2010


Here is a patch with my changes for the most serious issues in the
parser.  There is one unguarded sprintf, and several cases where file
handles would be leaked.


On Tue, Jun 1, 2010 at 9:55 AM, Pieter Hintjens <ph at imatix.com> wrote:
> Martin,
> Douglas Held of Fortify did a scan of the source and found about 150
> potential issues, most of them in the XML parser.  There are some
> fairly serious ones there (leaks, buffer exploits).  I'll send you
> patches, but perhaps it's worth contacting the author to see if he has
> an updated version.
> -Pieter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xmlParser.diff
Type: text/x-patch
Size: 3157 bytes
Desc: not available
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20100601/5bb38e92/attachment.bin>
