Security fix for V3 protocol downgrade: zeromq/libzmq#1273
testing/ok aja@ Written by: Jasper Lievisse Adriaanse <jasper@openbsd.org>
1 parent
d524c52
commit db98384
Showing
4 changed files
with
84 additions
and
2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
$OpenBSD: patch-src_session_base_cpp,v 1.1 2015/05/13 05:08:26 jasper Exp $ | ||
|
||
Security fix for V3 protocol downgrade | ||
https://github.com/zeromq/libzmq/issues/1273 | ||
|
||
--- src/session_base.cpp.orig Tue Oct 14 10:06:40 2014 | ||
+++ src/session_base.cpp Tue May 12 09:04:21 2015 | ||
@@ -323,6 +323,14 @@ int zmq::session_base_t::zap_connect () | ||
return 0; | ||
} | ||
|
||
+bool zmq::session_base_t::zap_enabled () | ||
+{ | ||
+ return ( | ||
+ options.mechanism != ZMQ_NULL || | ||
+ (options.mechanism == ZMQ_NULL && options.zap_domain.length() > 0) | ||
+ ); | ||
+} | ||
+ | ||
void zmq::session_base_t::process_attach (i_engine *engine_) | ||
{ | ||
zmq_assert (engine_ != NULL); |
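Review bot: The condition in `zap_enabled ()` tests the same thing twice: once `options.mechanism != ZMQ_NULL` is false, the `options.mechanism == ZMQ_NULL &&` part of the second operand is always true. Assuming `zap_domain` is a `std::string`, the body reduces to `return options.mechanism != ZMQ_NULL || !options.zap_domain.empty ();`, which makes the rule the downgrade check depends on easier to audit. A socket using the NULL mechanism with an empty ZAP domain still returns false here, so it keeps accepting older-protocol peers. That looks intended, but a comment above the function should say so, for example `// True if a non-NULL mechanism is configured or a ZAP domain is set; used to refuse pre-ZMTP/3.0 peers.`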
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
$OpenBSD: patch-src_session_base_hpp,v 1.1 2015/05/13 05:08:26 jasper Exp $ | ||
|
||
Security fix for V3 protocol downgrade | ||
https://github.com/zeromq/libzmq/issues/1273 | ||
|
||
--- src/session_base.hpp.orig Wed Nov 13 18:57:50 2013 | ||
+++ src/session_base.hpp Tue May 12 09:04:21 2015 | ||
@@ -68,7 +68,8 @@ namespace zmq | ||
int push_msg (msg_t *msg_); | ||
|
||
int zap_connect (); | ||
- | ||
+ bool zap_enabled (); | ||
+ | ||
// Fetches a message. Returns 0 if successful; -1 otherwise. | ||
// The caller is responsible for freeing the message when no | ||
// longer used. |
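Review bot: The new declaration `bool zap_enabled ();` has no comment, while the `pull_msg`-style declaration below it documents its contract. Since this predicate gates a security decision, I would add `// Returns true if a security mechanism other than NULL is configured, or a ZAP domain is set.` above it. The definition in session_base.cpp only reads `options`, so `bool zap_enabled () const;` would also fit, with the matching change on the definition. If the port is meant to carry the upstream fix unchanged, keep the signature and add the comment only.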
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
$OpenBSD: patch-src_stream_engine_cpp,v 1.1 2015/05/13 05:08:26 jasper Exp $ | ||
|
||
Security fix for V3 protocol downgrade | ||
https://github.com/zeromq/libzmq/issues/1273 | ||
|
||
--- src/stream_engine.cpp.orig Tue Oct 14 10:06:40 2014 | ||
+++ src/stream_engine.cpp Tue May 12 09:04:21 2015 | ||
@@ -464,6 +464,11 @@ bool zmq::stream_engine_t::handshake () | ||
// Is the peer using ZMTP/1.0 with no revision number? | ||
// If so, we send and receive rest of identity message | ||
if (greeting_recv [0] != 0xff || !(greeting_recv [9] & 0x01)) { | ||
+ if (session->zap_enabled ()) { | ||
+ // Reject ZMTP 1.0 connections if ZAP is enabled | ||
+ error (); | ||
+ return false; | ||
+ } | ||
encoder = new (std::nothrow) v1_encoder_t (out_batch_size); | ||
alloc_assert (encoder); | ||
|
||
@@ -505,6 +510,11 @@ bool zmq::stream_engine_t::handshake () | ||
} | ||
else | ||
if (greeting_recv [revision_pos] == ZMTP_1_0) { | ||
+ if (session->zap_enabled ()) { | ||
+ // Reject ZMTP 1.0 connections if ZAP is enabled | ||
+ error (); | ||
+ return false; | ||
+ } | ||
encoder = new (std::nothrow) v1_encoder_t ( | ||
out_batch_size); | ||
alloc_assert (encoder); | ||
@@ -515,6 +525,11 @@ bool zmq::stream_engine_t::handshake () | ||
} | ||
else | ||
if (greeting_recv [revision_pos] == ZMTP_2_0) { | ||
+ if (session->zap_enabled ()) { | ||
+ // Reject ZMTP 1.0 connections if ZAP is enabled | ||
+ error (); | ||
+ return false; | ||
+ } | ||
encoder = new (std::nothrow) v2_encoder_t (out_batch_size); | ||
alloc_assert (encoder); | ||
|
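Review bot: The comment in the third hunk, inside the `greeting_recv [revision_pos] == ZMTP_2_0` branch, still reads `// Reject ZMTP 1.0 connections if ZAP is enabled`, although that branch refuses ZMTP 2.0 peers. It should read `// Reject ZMTP 2.0 connections if ZAP is enabled`, so a later reader does not mistake the guard for a copy-paste error and drop it. The same four-line guard is repeated in all three hunks. A single check before the version dispatch, or a small helper, would keep the three downgrade paths from drifting apart. The refusal goes through `error ()` alone, and these hunks do not show whether a rejected downgrade attempt is logged or otherwise visible to an operator, which is worth confirming. `handshake ()` starts and ends outside the hunks shown.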