1. 08 Feb, 2018 2 commits
  2. 02 Feb, 2018 1 commit
  3. 21 Oct, 2017 1 commit
  4. 19 Sep, 2017 1 commit
  5. 07 Sep, 2017 1 commit
  6. 06 Sep, 2017 1 commit
  7. 18 Aug, 2017 3 commits
  8. 15 Aug, 2017 2 commits
    • Simon Giesecke's avatar
      Problem: Possible buffer overruns related to metadata in various mechanisms (#2683) · 4a18f620
      Simon Giesecke authored
      * Problem: no test case with CURVE encryption and large identity
      
      Solution: added test case (currently crashing)
      
      * Problem: possible buffer overflow in mechanism_t::add_property
      
      Solution: add target buffer length parameter and check the buffer is sufficiently large
      
      * Problem: test cases accidentally excluded from build
      
      Solution: remove #if/#endif
      
      * Problem: possible buffer overruns related to metadata at various locations
      
      Solution: allocate buffer large enough for actual metadata, reduce code duplication
      
      * Problem: syntax error related to pointer type conversion
      
      Solution: change argument type of make_command_with_basic_properties to const char *
      
      * Problem: large metadata may cause an assertion in produce_initiate
      
      Solution: Allow metadata of arbitrary size in produce_initiate
      4a18f620
    • Simon Giesecke's avatar
      [WIP, do not merge] Problem: insufficient tests for ZMTP-CURVE protocol errors (#2680) · d5e4319e
      Simon Giesecke authored
      * Extracted connect_vanilla_socket function
      
      * Problem: no tests for ZMTP-CURVE protocol errors
      
      Solution: added two test cases with erroneous HELLO commands
      
      * Problem: insufficient tests for ZMTP-CURVE protocol errors
      
      Solution: added two test cases with erroneous HELLO command version
      
      * Problem: test HELLO message is invalid apart from deliberate errors
      
      Solution: create cryptographically correct HELLO message
      add tweetnacl.c to test_security_curve
      
      * Problem: nonce is incorrect, build fails with GCC
      
      Solution: use correct non prefix
      
      * Problem: make builds are failing
      
      Solution: transfer CMake changes to (auto)make files
      
      * Problem: nonce is incorrect, build fails with GCC
      
      Solution: use correct non prefix
      
      * Problem: make builds are failing
      
      Solution: transfer CMake changes to (auto)make files
      
      * Problem: no test with INITIATE command with invalid length
      
      Solution: added test case
      
      * Problem: code duplication between test_security_curve.cpp and curve_client.cpp
      
      Solution: extracted parts of zmq::curve_client_t::produce_hello into reusable function
      
      * Problem: code duplication between test_security_curve.cpp and curve_client.cpp
      
      Solution: extracted further parts of zmq::curve_client_t into reusable functions
      added missing file
      
      * Problem: mechanism_t::add_property can be declared static
      
      Solution: declare mechanism_t::add_property static
      
      * Problem: intermediate crypto data needs to be passed between static function calls to curve_client_tools_t
      
      Solution: add non-static member functions
      
      * Problem: msg_t instance may be closed twice
      
      Solution: remove offending close
      
      * Problem: prepare_hello uses static curve_client_tools_t::produce_hello
      
      Solution: Use non-static curve_client_tools_t::produce_hello
      
      * Problem: no test with invalid command name where INITIATE command is expected
      
      Solution: added test case
      
      * Problem: make builds are failing due to curve_client_tools.hpp not being found
      
      Solution: add curve_client_tools.hpp to list of source files
      
      * Problem: wrong initializer order in zmq::curve_client_t
      
      Solution: reorder
      
      * Problem: under non-Windows systems, test fails because random_open was not called
      
      Solution: call random_open/random_close within test
      
      * Problem: conflict between custom function htonll and macro definition on Darwin
      
      Solution: define htonll function only if not defined as a macro
      
      * Problem: nullptr not defined on all platforms
      
      Solution: replace nullptr by NULL
      
      * Problem: libsodium builds not working
      
      Solution: adapt compile and link file sets for libsodium builds
      
      * Problem: Makefile.am broken
      
      Solution: Fix syntax
      
      * Problem: no tests for garbage encrypted cookie or content in INITIATE
      
      Solution: added test cases
      
      * Problem: test cases accidentally excluded from build
      
      Solution: remove #if/#endif
      
      * Solution: some error cases are unreachable
      
      Problem: for the time being, added some comments without changing the code
      
      * Added comments on hard-to-test cases
      d5e4319e
  9. 03 Aug, 2017 1 commit
    • Simon Giesecke's avatar
      Replace console output by monitoring events for curve security issues (#2645) · 5d4e30eb
      Simon Giesecke authored
      * Fixing #2002 one way of doing it
      
       * Mechanisms can implement a new method `error_detail()`
       * This error detail have three values for the moment: no_detail
       (default), protocol, encryption.
          + generic enough to make sense for all mechanisms.
          - low granularity level on information.
      
      * Fixing #2002: implementation of the error details
      
      The ZMQ_EVENT_HANDSHAKE_FAILED event carries the error details
      as value.
      
      * Removed Microsoft extenstion for enum member access
      
      This was leading to compilation error under linux.
      
      * Adaptation of CURVE test cases
      
      * Monitoring event: changed API for detailed events
      
      Removed ZMQ_EVENT_HANDSHAKE_FAILED and replaced it by:
      - ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL,
      - ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL,
      - ZMQ_EVENT_HANDSHAKE_FAILED_ENCRYPTION
      
      Adaptation of text case `security_curve`
      
      * Removed event value comparison
      
      This was introduced for the previous API model adaptation
      
      * Removed the prints in std output and added missing details
      
      `current_error_detail` was not set in every protocol error cases
      
      * Fixed initialization of current_error_detail
      
      * Fixed error in greeting test case
      
      The handshake failure due to mechanism mismatch in greeting is actually
      a protocol error. The error handling method consider it like so and
      send a protocol handshake failure monitoring event instead of no_detail.
      
      Fixed the test_security_curve expectation as well.
      
      * Upgraded tests of monitoring events
      
      The tests check the number of monitoring events received
      
      * Problem: does not build under Linux or without ZMQ_DRAFT_API
      
      Solution:
      - properly use ZMQ_DRAFT_API conditional compilation
      - use receive timeouts instead of Sleep
      
      * Problem: duplicate definition of variable 'timeout'
      
      Solution: merged definitions
      
      * Problem: inconsistent timing dependencies
      
      Solution: reduce timing dependency by using timeouts at more places
      
      * Problem: assertion failure under Linux due to unexpected monitor event
      
      Solution: output event type to aid debugging
      
      * Problem: erroneous assertion code
      
      * Problem: assertion failure with a garbage server key due to an extra third event
      
      Solution: changed assertion to expect three events (needs to be checked)
      
      * Problem: extra include directive to non-existent file
      
      Solution: removed include directive
      
      * Problem: assertion failure on appveyor for unknown reason
      
      Solution: improve debug output
      
      * Problem: no build with libsodium and draft api
      
      Solution: add build configurations with libsodium and draft api
      
      * Problem: assertion failure on CI
      
      Solution: change assertion to reflect actual behaviour on CI (at least temporarily)
      
      * Problem: error in condition in assertion code
      
      * Problem: assertion failure on CI
      
      Solution: generalize assertion to match behavior on CI
      
      * Problem: assertion failures on CI
      
      Solution: removed inconsistent assertion on no monitor events before flushing
      improved debuggability by converting function into macro
      
      * Problem: diverging test code for three analogous test cases with garbage key
      
      Solution: extract common code into function
      
      * Problem: does not build without ZMQ_BUILD_DRAFT_API
      
      Solution: introduce dummy variable
      
      * Attempt to remove workaround regarding ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL again
      
      * Problem: EAGAIN error after handshake complete if there is no more data in inbuffer
      
      Solution: Skip tcp_read attempt in that case
      
      * Problem: handshaking event emitted after handshaking failed
      
      Solution: use stream_engine_t::handshaking instead of mechanism_t::status() to determine whether still handshaking
      
      * Include error code in debug output
      
      * Improve debugging output: output flushed events
      
      * Split up ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL into ZMQ_EVENT_HANDSHAKE_FAILED_ZMTP and ZMQ_EVENT_HANDSHAKE_FAILED_ZAP
      
      * Fixed compilation without ZMQ_BUILD_DRAFT_API
      
      * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency
      
      * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency
      
      * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency
      
      * Fixed assert_monitor_event (require event instead of allowing no event)
      Reverted erroneous change to handshaking condition
      Renamed test_wrong_key to test_garbage_key
      Generalized assumption in test_garbage_key to allow for ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL with error == EPIPE
      
      * Better isolate test cases from each other by providing a fresh context & server for each
      
      * Added diagnostic output
      
      * Changed assertion to reflect actual behavior on CI
      
      * Fixed formatting, observe maximum line length
      
      * Fixed formatting, observe maximum line length
      
      * Increase timeout to check if this fixes valgrind run
      
      * Close server with close_zero_linger
      
      * Increase timeout to check if this fixes valgrind run
      
      * Increase timeout to check if this fixes valgrind run
      
      * Generalize assertion to also work with valgrind
      
      * Fixed formatting
      
      * Add more diagnostic output
      
      * Generalize assertion to also work with valgrind
      5d4e30eb
  10. 28 Jan, 2016 1 commit
  11. 06 Sep, 2015 1 commit
  12. 02 Jun, 2015 1 commit
  13. 22 Jan, 2015 1 commit
  14. 06 May, 2014 1 commit
  15. 02 May, 2014 1 commit
  16. 01 May, 2014 1 commit
  17. 29 Jan, 2014 1 commit
  18. 18 Jan, 2014 1 commit
  19. 12 Jan, 2014 1 commit
  20. 02 Jan, 2014 1 commit
  21. 04 Sep, 2013 1 commit
    • Pieter Hintjens's avatar
      Updated libzmq to match RFC 23, 24, 25, 26 · 28b0a5fa
      Pieter Hintjens authored
      * Command names changed from null terminated to length-specified
      * Command frames use the correct flag (bit 2)
      * test_stream acts as test case for command frames
      * Some code cleanups
      28b0a5fa
  22. 01 Jul, 2013 1 commit
  23. 23 Jun, 2013 1 commit
  24. 22 Jun, 2013 2 commits
  25. 21 Jun, 2013 1 commit
  26. 06 Jun, 2013 1 commit
  27. 19 May, 2013 1 commit
  28. 14 May, 2013 1 commit