[zeromq-dev] ZMQ_STREAM does not receive 16KB but only 8KB, possible information disclosure

Mathias Hablützel mathias.habluetzel at gmail.com
Tue Jun 24 14:25:48 CEST 2014


Hi everyone,

I ran into the issue that when sending more than 8KB of data with ZMQ_STREAM
(yeah I know, zmq is not intended for that … anyway), it gets truncated on the
receiver side.

PoC
https://gist.github.com/0x6d686b/16f79e092156dae223c9

If you look in the memory dump you'll see that at 0x2000 (or 8196 bytes) it
changes from received payload to pre-initialised memory, and also that the
received payload gets split into two parts of 8196 bytes.

IMO this MAY result in leaking sensitive information (information
disclosure) if the server side would just reply with the received payload
(like ping does).

I also suggest documenting in the "manpage" of zmq_socket ZMQ_STREAM
that the biggest batch size is 8KB.

Mathias
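The failure mode described above, as an added example that is not part of the original post or of libzmq: a stub transport hands the application the payload in 8KB chunks, and an echo that replies with its whole pre-allocated buffer leaks the stale bytes beyond the chunk, while a receiver that reassembles chunks per peer replies only with what actually arrived. The 8192-byte chunk size, the 4-byte big-endian length prefix used for application framing, and the stub `stream_chunks` transport are assumptions for the demonstration.

```python
# Constructed simulation of a ZMQ_STREAM reader (no real zmq socket involved).
CHUNK = 8192  # assumed chunk boundary, matching the 0x2000 split in the post


def stream_chunks(identity: bytes, payload: bytes):
    """Yield (identity, data) pairs as a ZMQ_STREAM reader sees them, with the
    TCP payload split at CHUNK boundaries (stub transport, not libzmq)."""
    for off in range(0, len(payload), CHUNK):
        yield identity, payload[off:off + CHUNK]


def leaky_echo(buf: bytearray, frame: bytes) -> bytes:
    """Vulnerable pattern from the post: copy one received frame into a fixed
    16KB buffer and reply with the whole buffer, so every byte past the frame
    is whatever the buffer held before (pre-initialised/stale memory)."""
    buf[:len(frame)] = frame
    return bytes(buf)


class SafeEcho:
    """Hardened pattern: accumulate chunks per peer identity, decide message
    completeness from an application-level length prefix (assumed 4-byte
    big-endian), and reply only with the bytes that were received."""

    def __init__(self):
        self.partial = {}  # identity -> bytearray of not-yet-complete data

    def feed(self, identity: bytes, data: bytes):
        buf = self.partial.setdefault(identity, bytearray())
        buf += data
        if len(buf) < 4:
            return None  # length prefix not complete yet
        want = int.from_bytes(buf[:4], "big")
        if len(buf) - 4 < want:
            return None  # more chunks still to come; do not reply early
        msg = bytes(buf[4:4 + want])
        del self.partial[identity]  # discard state so nothing stale is reused
        return msg  # reply payload is exactly the received message
```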

