libzmq commit fa82aa11 (Unverified)
Authored Jul 08, 2019 by Doron Somech
Committed by GitHub, Jul 08, 2019
Merge pull request #3564 from bluca/news
CVE-2019-13132
Parents: ddd0da2f, c2488ed5
Showing 6 changed files with 143 additions and 17 deletions:
NEWS (+113 -0)
doc/zmq_getsockopt.txt (+4 -4)
packaging/debian/changelog (+1 -1)
packaging/debian/zeromq.dsc.obs (+1 -1)
packaging/redhat/zeromq.spec (+1 -1)
src/curve_server.cpp (+23 -10)
NEWS
0MQ version 4.3.2 stable, released on 20xx/xx/xx
================================================
* CVE-2019-13132: a remote, unauthenticated client connecting to a
libzmq application, running with a socket listening with CURVE
encryption/authentication enabled, may cause a stack overflow and
overwrite the stack with arbitrary data, due to a buffer overflow in
the library. Users running public servers with the above configuration
are highly encouraged to upgrade as soon as possible, as there are no
known mitigations. All versions from 4.0.0 and upwards are affected.
Thank you Fang-Pen Lin for finding the issue and reporting it!
* New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_versioned API that supports
a versioned monitoring events protocol as a parameter. Passing 1 results in
the same behaviour as zmq_socket_monitor.
Version 2 of the events protocol allows new events, new metadata, different
socket types for the monitors and more. It is described in details in
doc/zmq_socket_monitor_versioned.txt
* New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_pipes_stats that triggers
a new ZMQ_EVENT_PIPES_STATS to be delivered via zmq_socket_monitor_versioned
v2 API, which contains the current status of all the queues owned by the
monitored socket. See doc/zmq_socket_monitor_versioned.txt for details.
* New DRAFT (see NEWS for 4.2.0) zmq_poller_fd that returns the FD of a thread
safe socket. See doc/zmq_poller.txt for details.
* New DRAFT (see NEWS for 4.2.0) socket options:
- ZMQ_XPUB_MANUAL_LAST_VALUE is similar to ZMQ_XPUB_MANUAL but allows to avoid
duplicates when using last value caching.
- ZMQ_SOCKS_USERNAME and ZMQ_SOCKS_PASSWORD that implement SOCKS5 proxy
authentication.
See doc/zmq_setsockopt.txt and doc/zmq_getsockopt.txt for details.
* Implemented background thread names for Windows, when the Visual Studio
debugger is being used.
* Fixed #3358 - test_security_zap failing due to SIGBUS on SPARC64, hard-coded
IPC socket binds in tests cause race conditions
* Fixed #3361 - enabling GSSAPI support (when using autools) does not work due
to regression introduced in 4.2.3
* Fixed #3362 - remove documentation for ZMQ_THREAD_PRIORITY context option
getter, it's not implemented
* Fixed #3363 - tests fail to build due to stricter compiler printf validation
in new versions of GCC
* Fixed #3367 - try to infer cacheline size at build time, first with
getconf LEVEL1_DCACHE_LINESIZE, and then by reading
/sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size
(autoconf only), and only then falling back to the previous
default of 64 bytes. Avoids false sharing on POWER and s390x.
Import ax_func_posix_memalign.m4 as a more reliable check for
posix_memalign presence on some unix platforms.
Prefer c++11 atomic primitives to compiler intrinsics, when
both are available, as the former is more reliable.
Set test_pair_ipc and test_rebind_ipc to XFAIL on GNU/Hurd due
to non-functioning getsockname on AF_UNIX.
* Fixed #3370 - Make queue length and HWM state observable
* Fixed #3373 - performance regression in zmq_poll on CentOS 6/7
* Fixed #3375 - assign names to all pthreads created by the library to ease
debugging
* Fixed #3376 - assigned random TIPC port is not returned by ZMQ_LAST_ENDPOINT
* Fixed #3385 - TCP port in ZMQ_LAST_ENDPOINT depends on global locale
* Fixed #3404 - use std::condition_variable_any when possible
* Fixed #3436 - reconnect interval exponential backoff and may lead to integer
overflows
* Fixed #3440 - improve zmq_proxy performance by batching of up to 1000
consecutive messages (if any) and add perf/proxy_thr tool
* Fixed #3451 - fix support of /dev/poll on Solaris
* Fixed #3452 - strnlen may not be available
* Fixed #1462 - test failure in test_filter_ipc due to invalid system groups
* Fixed #3269 - Boost.ASIO integration stopped working with v4.3.0
* Fixed #3479 - ZeroMQ does not build for QNX 6.6 with CMake
* Fixed #3481 - add <ios> include to fix uClibc++ compilation
* Fixed #3491 - build broken on Fedora 30
* Fixed #3494 - ZeroMQConfig.cmake fails if shared libraries are not built
* Fixed #3498 - syntax error on Windows related to socket descriptor type
* Fixed #3500 - PLAIN HELLO message incorrectly uses WELCOME literal, regression
introduced in 4.3.0
* Fixed #3517 - configure errors because of syntax errors in the use of test
shell command
* Fixed #3521 - document how to achieve high performance with the PGM transport
* Fixed #3526 - failure case behavior unclear in zmq_msg_send documentation
* Fixed #3537 - fix build on z/OS by using pthread_equal instead of comparing
variables directly
* Fixed #3546 - CMake links with librt on MinGW which is not available
* Many coding style, duplication, testing and static analysis improvements.
0MQ version 4.3.1 stable, released on 2019/01/12
================================================
...
...
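Review bot: the 4.3.2 heading still carries the placeholder release date "20xx/xx/xx" although the packaging files in this same change are bumped to 4.3.2; fill in the real date before tagging so the CVE-2019-13132 entry is dated. In the CVE entry, "stack overflow" can be read as stack exhaustion, and since the sentence goes on to describe the stack being overwritten through a buffer overflow, "stack buffer overflow" would be the more precise wording.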
doc/zmq_getsockopt.txt
...
...
@@ -224,7 +224,7 @@ Applicable socket types:: all, when using TCP or IPC transports
ZMQ_GSSAPI_SERVER: Retrieve current GSSAPI server role
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~
Returns the 'ZMQ_GSSAPI_SERVER' option, if any, previously set on the socket.
[horizontal]
...
...
@@ -744,7 +744,7 @@ Applicable socket types:: all, when using TCP transports.
ZMQ_TCP_KEEPALIVE_IDLE: Override TCP_KEEPIDLE (or TCP_KEEPALIVE on some OS)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~
Override 'TCP_KEEPIDLE'(or 'TCP_KEEPALIVE' on some OS) socket option (where
supported by OS). The default value of `-1` means to skip any overrides and
leave it to OS default.
...
...
@@ -923,7 +923,7 @@ Applicable socket types:: ZMQ_ROUTER
ZMQ_IN_BATCH_SIZE: Maximal receive batch size
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Gets the maximal amount of messages that can be received in a single
'recv' system call.
...
...
@@ -939,7 +939,7 @@ Applicable socket types:: All, when using TCP, IPC, PGM or NORM transport.
ZMQ_OUT_BATCH_SIZE: Maximal send batch size
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Gets the maximal amount of messages that can be sent in a single
'send' system call.
...
...
packaging/debian/changelog
zeromq (4.3.
0
) UNRELEASED; urgency=low
zeromq (4.3.
2
) UNRELEASED; urgency=low
* Initial packaging.
...
...
packaging/debian/zeromq.dsc.obs
...
...
@@ -2,7 +2,7 @@ Format: 3.0 (quilt)
Source: zeromq
Binary: libzmq5, libzmq3-dev, libzmq5-dbg
Architecture: any
Version: 4.3.
0
Version: 4.3.
2
Maintainer: libzmq Developers <zeromq-dev@lists.zeromq.org>
Homepage: http://www.zeromq.org/
Standards-Version: 3.9.8
...
...
packaging/redhat/zeromq.spec
...
...
@@ -10,7 +10,7 @@
%endif
%define lib_name libzmq5
Name: zeromq
Version: 4.3.
0
Version: 4.3.
2
Release: 1%{?dist}
Summary: The ZeroMQ messaging library
Group: Applications/Internet
...
...
src/curve_server.cpp
...
...
@@ -327,8 +327,12 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
const
size_t
clen
=
(
size
-
113
)
+
crypto_box_BOXZEROBYTES
;
uint8_t
initiate_nonce
[
crypto_box_NONCEBYTES
];
uint8_t
initiate_plaintext
[
crypto_box_ZEROBYTES
+
128
+
256
];
uint8_t
initiate_box
[
crypto_box_BOXZEROBYTES
+
144
+
256
];
uint8_t
*
initiate_plaintext
=
static_cast
<
uint8_t
*>
(
malloc
(
crypto_box_ZEROBYTES
+
clen
));
alloc_assert
(
initiate_plaintext
);
uint8_t
*
initiate_box
=
static_cast
<
uint8_t
*>
(
malloc
(
crypto_box_BOXZEROBYTES
+
clen
));
alloc_assert
(
initiate_box
);
// Open Box [C + vouch + metadata](C'->S')
memset
(
initiate_box
,
0
,
crypto_box_BOXZEROBYTES
);
...
...
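Review bot: at the top of this hunk clen is computed as (size - 113) + crypto_box_BOXZEROBYTES from the received message size and now drives both malloc calls, but no bound check on size is visible in these lines. Confirm that the code above this hunk rejects an INITIATE shorter than 113 bytes (otherwise the size_t subtraction wraps) and caps the upper size, because the peer is not yet authenticated at this point and alloc_assert aborts the process if a very large allocation fails. A comment next to the clen computation stating the accepted range would make the removal of the fixed 128 + 256 and 144 + 256 buffers easier to audit.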
@@ -339,6 +343,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
memcpy
(
initiate_nonce
+
16
,
initiate
+
105
,
8
);
cn_peer_nonce
=
get_uint64
(
initiate
+
105
);
const
uint8_t
*
client_key
=
initiate_plaintext
+
crypto_box_ZEROBYTES
;
rc
=
crypto_box_open
(
initiate_plaintext
,
initiate_box
,
clen
,
initiate_nonce
,
_cn_client
,
_cn_secret
);
if
(
rc
!=
0
)
{
...
...
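Review bot: the declaration of client_key is moved above crypto_box_open without a comment, so it now names a pointer into initiate_plaintext before that buffer has been decrypted and authenticated. Presumably the move is needed so that the new goto exit paths do not jump over an initialised variable; say so in a short comment, and make sure nothing reads client_key between this line and the rc != 0 check.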
@@ -346,11 +352,10 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
session
->
get_socket
()
->
event_handshake_failed_protocol
(
session
->
get_endpoint
(),
ZMQ_PROTOCOL_ERROR_ZMTP_CRYPTOGRAPHIC
);
errno
=
EPROTO
;
return
-
1
;
rc
=
-
1
;
goto
exit
;
}
const
uint8_t
*
client_key
=
initiate_plaintext
+
crypto_box_ZEROBYTES
;
uint8_t
vouch_nonce
[
crypto_box_NONCEBYTES
];
uint8_t
vouch_plaintext
[
crypto_box_ZEROBYTES
+
64
];
uint8_t
vouch_box
[
crypto_box_BOXZEROBYTES
+
80
];
...
...
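Review bot: on the failure path after crypto_box_open, errno = EPROTO is set and control then goes to exit, where free is called twice before the function returns. free is not guaranteed to preserve errno on every platform, so a caller inspecting errno may see something other than EPROTO; set errno after the frees, or save and restore it around them. The same applies to the two following hunks, which use the same errno = EPROTO; rc = -1; goto exit; sequence.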
@@ -371,7 +376,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
session
->
get_socket
()
->
event_handshake_failed_protocol
(
session
->
get_endpoint
(),
ZMQ_PROTOCOL_ERROR_ZMTP_CRYPTOGRAPHIC
);
errno
=
EPROTO
;
return
-
1
;
rc
=
-
1
;
goto
exit
;
}
// What we decrypted must be the client's short-term public key
...
...
@@ -383,7 +389,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
session
->
get_socket
()
->
event_handshake_failed_protocol
(
session
->
get_endpoint
(),
ZMQ_PROTOCOL_ERROR_ZMTP_KEY_EXCHANGE
);
errno
=
EPROTO
;
return
-
1
;
rc
=
-
1
;
goto
exit
;
}
// Precompute connection secret from client key
...
...
@@ -405,7 +412,7 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
// is attempted)
rc
=
receive_and_process_zap_reply
();
if
(
rc
==
-
1
)
return
-
1
;
goto
exit
;
}
else
if
(
!
options
.
zap_enforce_domain
)
{
// This supports the Stonehouse pattern (encryption without
// authentication) in legacy mode (domain set but no handler).
...
...
@@ -413,15 +420,21 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
}
else
{
session
->
get_socket
()
->
event_handshake_failed_no_detail
(
session
->
get_endpoint
(),
EFAULT
);
return
-
1
;
rc
=
-
1
;
goto
exit
;
}
}
else
{
// This supports the Stonehouse pattern (encryption without authentication).
state
=
sending_ready
;
}
r
eturn
parse_metadata
(
initiate_plaintext
+
crypto_box_ZEROBYTES
+
128
,
r
c
=
parse_metadata
(
initiate_plaintext
+
crypto_box_ZEROBYTES
+
128
,
clen
-
crypto_box_ZEROBYTES
-
128
);
exit
:
free
(
initiate_plaintext
);
free
(
initiate_box
);
return
rc
;
}
int
zmq
::
curve_server_t
::
produce_ready
(
msg_t
*
msg_
)
...
...
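Review bot: the exit label is now the only place that releases initiate_plaintext and initiate_box, so any return added to process_initiate later will leak both buffers on a path a remote peer can reach. Consider holding them in a scoped owner (for example a std::vector<uint8_t> or a small RAII wrapper) instead of malloc/free plus goto. Separately, none of the six files in this change is a test; a regression test that sends an INITIATE whose metadata exceeds the old 256-byte buffer would guard the fix.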