nng_recv() appears to be vulnerable to buffer overrun attack #1603
Comments
Please see NNG_OPT_RECVMAXSZ which exists specifically to address this concern.
Thanks, NNG_OPT_RECVMAXSZ does address the issue to a large extent. Two concerns still remain:
A few things:
(I would be willing to accept a PR for enhancing the docs for nng_recv though.)
nng_recv(), when called with NNG_FLAG_ALLOC, allocates a buffer for the received data. However, there does not appear to be a way to limit the maximum size of this buffer. This behaviour is similar to the strcpy() operator, which is a notorious source of security vulnerabilities. Therefore, net_recv() must be deprecated and replaced with the call
int nng_recvn(nng_socket s, void *data, size_t *sizep, size_t max_size, int flags);
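Added example, not part of the original issue and not nng source code: a constructed C model of an allocating receive, showing why a receive-size cap such as the one NNG_OPT_RECVMAXSZ provides has to be checked against the peer-declared length before the buffer is allocated. The names `struct stream`, `read_exact`, `recv_alloc`, the error codes and the 8-byte length-prefix framing are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not nng source. Assumed framing: 8-byte big-endian
 * length, then the payload. */
enum { RECV_OK = 0, RECV_TOO_BIG = -1, RECV_TRUNCATED = -2, RECV_NOMEM = -3 };
struct stream { const uint8_t *p; size_t left; };  /* bytes the peer sent */

static int read_exact(struct stream *s, void *dst, size_t n)
{
    if (s->left < n)
        return -1;                /* peer stopped sending */
    memcpy(dst, s->p, n);
    s->p += n;
    s->left -= n;
    return 0;
}

/* Hypothetical allocating receive. max_size == 0 means no limit.
 * *reserved reports how many bytes were allocated on the peer's word. */
static int recv_alloc(struct stream *s, size_t max_size,
                      void **out, size_t *out_len, size_t *reserved)
{
    uint8_t hdr[8];
    uint64_t declared = 0;
    *out = NULL; *out_len = 0; *reserved = 0;
    if (read_exact(s, hdr, sizeof hdr) != 0)
        return RECV_TRUNCATED;
    for (int i = 0; i < 8; i++)
        declared = (declared << 8) | hdr[i];
    /* Cap check happens before allocation; also guards size_t narrowing. */
    if ((max_size != 0 && declared > max_size) || declared > SIZE_MAX - 1)
        return RECV_TOO_BIG;
    void *buf = malloc((size_t)declared + 1);
    if (buf == NULL)
        return RECV_NOMEM;
    *reserved = (size_t)declared;
    if (read_exact(s, buf, (size_t)declared) != 0) {
        free(buf);
        return RECV_TRUNCATED;
    }
    *out = buf;
    *out_len = (size_t)declared;
    return RECV_OK;
}

/* Constructed frames: a 5-byte message, and a bare header claiming 1 MiB. */
static const uint8_t small_frame[] = {0,0,0,0,0,0,0,5,'h','e','l','l','o'};
static const uint8_t big_header[]  = {0,0,0,0,0,0x10,0,0};
```

With no limit, the bare header makes the model reserve 1 MiB before it notices the payload never arrives; with a 64 KiB cap the same header is rejected with nothing allocated.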