Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
zeromq
zeromq-CVE-2014-7202.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File zeromq-CVE-2014-7202.patch of Package zeromq
diff -urN zeromq-4.0.4.old/src/stream_engine.cpp zeromq-4.0.4/src/stream_engine.cpp --- zeromq-4.0.4.old/src/stream_engine.cpp 2014-09-29 10:18:04.359648652 +0200 +++ zeromq-4.0.4/src/stream_engine.cpp 2014-09-29 10:31:17.980648557 +0200 @@ -530,20 +530,23 @@ in_batch_size, options.maxmsgsize); alloc_assert (decoder); - if (memcmp (greeting_recv + 12, "NULL\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) { + if (options.mechanism == ZMQ_NULL + && memcmp (greeting_recv + 12, "NULL\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) { mechanism = new (std::nothrow) null_mechanism_t (session, peer_address, options); alloc_assert (mechanism); } else - if (memcmp (greeting_recv + 12, "PLAIN\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) { + if (options.mechanism == ZMQ_PLAIN + && memcmp (greeting_recv + 12, "PLAIN\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) { mechanism = new (std::nothrow) plain_mechanism_t (session, peer_address, options); alloc_assert (mechanism); } #ifdef HAVE_LIBSODIUM else - if (memcmp (greeting_recv + 12, "CURVE\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) { + if (options.mechanism == ZMQ_CURVE + && memcmp (greeting_recv + 12, "CURVE\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) { if (options.as_server) mechanism = new (std::nothrow) curve_server_t (session, peer_address, options); diff -urN zeromq-4.0.4.old/tests/test_security_curve.cpp zeromq-4.0.4/tests/test_security_curve.cpp --- zeromq-4.0.4.old/tests/test_security_curve.cpp 2014-09-29 10:18:04.350648652 +0200 +++ zeromq-4.0.4/tests/test_security_curve.cpp 2014-09-29 10:28:23.813648578 +0200 @@ -181,7 +181,7 @@ close_zero_linger (client); // Check CURVE security with bogus client credentials - // This must be caught by the ZAP handler + // This must be caught by the curve_server class, not passed to ZAP char bogus_public [41]; char bogus_secret [41]; zmq_curve_keypair (bogus_public, bogus_secret);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor