REQ socket recv not correctly discarding entire message when bad ID detected
Description
Environment
Activity
PieterP October 11, 2011 at 11:04 PM
Yes, --signoff is all that's needed. Thanks for this, Martin will add the patch to the libzmq master when he has a moment.
Perry Kundert October 11, 2011 at 8:42 PM
OK, done. Now, this is not a GPG-signed git tag, just a git commit --signoff; hope that's what you meant...
PieterP October 10, 2011 at 6:37 AM
Perry,
What you should do is (and sorry for this extra work) clone the libzmq repo, then apply your changes to that, and create a signed-off commit, then make a formatted patch and send that to the list.
-Pieter
Perry Kundert October 7, 2011 at 4:35 PM
Hi, Martin;
Just wondering – do you want me to re-merge my branch with the master
branch (as it was just before I originally merged it)? I don't understand
how you want me to proceed, since it is already committed, and I need to
re-commit it to sign it...
–
-pjk
On Fri, Oct 7, 2011 at 1:51 AM, Martin Sustrik (Commented) (JIRA) <
Martin Sustrik October 7, 2011 at 7:49 AM
Please, can you send the signed-off patch to the mailing list?
http://www.zeromq.org/docs:contributing#toc5
Unsigned work can't be applied to the master.
Thanks!
In libzmq 3.0.X, REQ sockets send IDs with outgoing requests, and check the ID when receiving the reply. If the ID is bad, the entire message should be discarded, or there is a risk that the remaining message segments could be crafted (or accidentally) appear to be a complete, valid reply.
Fixed by discarding entire message on any ID invalidation, pull request: https://github.com/zeromq/zeromq3-0/pull/8