[zeromq-dev] ZMQ_STREAM does not receive 16KB but only 8KB, possible information disclosure

Pieter Hintjens ph at imatix.com
Tue Jun 24 16:20:12 CEST 2014


It's not truncated, rather it's split up. This is inherent to TCP.
There's no framing, and sent data is repacked into MTUs arbitrarily.
You have to read until you've gotten everything you expect. If you
need framing, use a standard socket and ZeroMQ message.

On Tue, Jun 24, 2014 at 2:25 PM, Mathias Hablützel
<mathias.habluetzel at gmail.com> wrote:
> Hi everyone,
>
> I ran into the issue that when sending more than 8KB of data with ZMQ_STREAM
> (yeah I know, zmq is not intended for that … anyway), it gets truncated on
> the receiver side.
>
> PoC
> https://gist.github.com/0x6d686b/16f79e092156dae223c9
>
> If you look in the memory dump you'll see that at 0x2000 (or 8196 bytes) it
> changes from received payload to pre-initialised memory, and also that the
> received payload gets split in two parts of 8196 bytes.
>
> IMO this MAY result in leaking sensitive information (information
> disclosure) if the server side would just reply with the received payload
> (like ping does).
>
> I also suggest to document this in the "manpage" of zmq_socket ZMQ_STREAM
> that the biggest batch size is 8KB.
>
> Mathias
>
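The "read until you've gotten everything you expect" advice, as an added example that is not part of the original thread or of libzmq: a receiver that tracks how many bytes have actually arrived and sizes any reply from that count, never from the buffer size. The `reasm_*` names are hypothetical, the expected length is assumed to be known to the application, and the chunks are constructed to stand in for successive receives on the stream.

```c
#include <stddef.h>
#include <string.h>

/* Reassembly state for one peer on an unframed stream. */
typedef struct {
    unsigned char *buf;  /* caller-owned storage */
    size_t cap;          /* size of buf */
    size_t expected;     /* application-level message length (assumed known) */
    size_t have;         /* bytes actually received so far */
} reasm_t;

void reasm_init(reasm_t *r, unsigned char *buf, size_t cap, size_t expected) {
    r->buf = buf; r->cap = cap;
    r->expected = expected; r->have = 0;
}

/* Feed one chunk as delivered by a single receive call.
 * Returns 1 when the whole message is present, 0 when more is needed,
 * -1 when the chunk does not fit. A chunk running past the expected
 * length is rejected here; a real protocol would carry the remainder
 * over to the next message. */
int reasm_feed(reasm_t *r, const unsigned char *chunk, size_t n) {
    if (r->expected > r->cap || n > r->expected - r->have)
        return -1;
    memcpy(r->buf + r->have, chunk, n);
    r->have += n;
    return r->have == r->expected;
}

/* Length that is safe to echo back: received bytes only, never r->cap. */
size_t reasm_reply_len(const reasm_t *r) { return r->have; }

/* Constructed scenario: 16 KiB sent, arriving as two 8 KiB chunks. */
int demo(void) {
    static unsigned char payload[16384], storage[16384];
    reasm_t r;
    memset(payload, 'A', sizeof payload);
    memset(storage, 0xCC, sizeof storage);  /* stands in for stale memory */
    reasm_init(&r, storage, sizeof storage, sizeof payload);
    if (reasm_feed(&r, payload, 8192) != 0) return -1;      /* incomplete */
    if (reasm_reply_len(&r) != 8192) return -2;             /* not 16384 */
    if (reasm_feed(&r, payload + 8192, 8192) != 1) return -3;
    return memcmp(storage, payload, sizeof payload) == 0 ? 0 : -4;
}

int main(void) { return demo(); }
```

After the first chunk, everything in `storage` past `reasm_reply_len()` is still the 0xCC filler, which is the region an echo sized from the buffer capacity would send back.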


