TODO: Handle over-sized message decently (nmap) #87
Comments
seems to work ok
We know about this; neither the 2.0.x nor the 2.1.x series have been through a proper audit to make them "Internet ready", i.e. suitable for deploying on potentially untrusted networks. This will be done systematically in the near future once I have some free time to look at it.
I use it in a trusted environment, but my company uses internal nmap portscans, so I still hope this particular assert() can be removed as soon as possible.
I noticed the 2.0.10 branch was released without this fix. I understand you want to systematically check all code later, but perhaps this can be first fixed for the 2.0.11 release? An nmap to crash your server is not fun :)
The real solution is to appear in 2.1.x rather than in 2.0.x series. The problem is that detecting the poisonous data on the connection should close down the connection decently. Closing the connection means dealing with 0MQ shutdown system. 0MQ shutdown system is the most complex part of 0MQ. And by complex I mean really complex. The shutdown system has been completely rewritten for 2.1 to make it somehow less complex and more systematic. Thus, fixing the problem in both 2.0.x and 2.1.x would mean doing the whole work (implementation, testing, debugging etc.) twice.
Ok. There's a fix in master for the issue. Please, check whether it works as expected and if so, close the issue.
I just tested it and it's indeed fixed, thanks a lot!
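The behaviour this issue asks for (treat an invalid or over-sized message as a reason to close that one connection, not to assert), as an added example; it is not code from the ZeroMQ code base. The framing (one length byte, or 0xFF followed by an 8-byte big-endian length), `MAX_FRAME_SIZE`, and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical cap on accepted frame size; not a libzmq setting. */
#define MAX_FRAME_SIZE (1u << 20)

typedef enum { FRAME_OK, FRAME_NEED_MORE, FRAME_REJECT } frame_status;

/* Parse one frame header from untrusted bytes (assumed framing: one
 * length byte, or 0xFF followed by an 8-byte big-endian length).
 * FRAME_REJECT means "close this connection"; nothing here aborts. */
frame_status parse_frame_header(const uint8_t *buf, size_t avail,
                                size_t *hdr_len, uint64_t *body_len)
{
    if (avail < 1) return FRAME_NEED_MORE;
    if (buf[0] != 0xFF) {
        *hdr_len = 1;
        *body_len = buf[0];
    } else {
        if (avail < 9) return FRAME_NEED_MORE;
        uint64_t n = 0;
        for (int i = 1; i <= 8; i++)
            n = (n << 8) | buf[i];
        *hdr_len = 9;
        *body_len = n;
    }
    /* The length is peer-controlled: check it before any allocation. */
    if (*body_len > MAX_FRAME_SIZE) return FRAME_REJECT;
    return FRAME_OK;
}

/* Walk a receive buffer. Returns the number of complete frames consumed
 * (*used = bytes consumed), or -1 if the connection must be closed. */
int consume_frames(const uint8_t *buf, size_t len, size_t *used)
{
    int frames = 0;
    *used = 0;
    while (*used < len) {
        size_t hdr; uint64_t body;
        frame_status st = parse_frame_header(buf + *used, len - *used,
                                             &hdr, &body);
        if (st == FRAME_REJECT) return -1;
        if (st == FRAME_NEED_MORE || len - *used - hdr < body) break;
        *used += hdr + (size_t)body;
        frames++;
    }
    return frames;
}
```

A return of -1 is the signal for the caller to tear down that socket and keep serving the others.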
The current 2.0.9 version of ZeroMQ does not handle illegal messages correctly. In the current master there is still a zmq_assert in the decoder, so it might also have this issue?
Expected: ignore invalid messages, close connection. Do not terminate.
This is an issue when you for example run an "nmap" portscan over a ZeroMQ socket. It will crash your server with the following exit message: