File zeromq-CVE-2014-7202.patch of Package zeromq.2353

diff -urN zeromq-4.0.4.old/src/stream_engine.cpp zeromq-4.0.4/src/stream_engine.cpp
--- zeromq-4.0.4.old/src/stream_engine.cpp	2014-09-29 10:18:04.359648652 +0200
+++ zeromq-4.0.4/src/stream_engine.cpp	2014-09-29 10:31:17.980648557 +0200
@@ -530,20 +530,23 @@
             in_batch_size, options.maxmsgsize);
         alloc_assert (decoder);
 
-        if (memcmp (greeting_recv + 12, "NULL\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) {
+        if (options.mechanism == ZMQ_NULL
+        && memcmp (greeting_recv + 12, "NULL\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) {
             mechanism = new (std::nothrow)
                 null_mechanism_t (session, peer_address, options);
             alloc_assert (mechanism);
         }
         else
-        if (memcmp (greeting_recv + 12, "PLAIN\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) {
+        if (options.mechanism == ZMQ_PLAIN
+        && memcmp (greeting_recv + 12, "PLAIN\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) {
             mechanism = new (std::nothrow)
                 plain_mechanism_t (session, peer_address, options);
             alloc_assert (mechanism);
         }
 #ifdef HAVE_LIBSODIUM
         else
-        if (memcmp (greeting_recv + 12, "CURVE\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) {
+        if (options.mechanism == ZMQ_CURVE
+        &&  memcmp (greeting_recv + 12, "CURVE\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) {
             if (options.as_server)
                 mechanism = new (std::nothrow)
                     curve_server_t (session, peer_address, options);
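Review bot: The three new `options.mechanism == ...` conditions have no comment saying why the peer's greeting alone may no longer choose the mechanism, and that is the security invariant of this patch (the patch name ties it to CVE-2014-7202). I would add above the first `if`: `//  Only accept the mechanism this socket is configured for; the peer's greeting must not be able to select a different (weaker) one.` A greeting that names a valid but non-configured mechanism now falls through to whatever follows the CURVE branch, which lies outside this hunk. Presumably that is the unknown-mechanism error path; it is worth confirming that it closes the connection rather than continuing with `mechanism` unset. As a style point, `&&  memcmp` on the CURVE line has a double space that the NULL and PLAIN lines do not.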
diff -urN zeromq-4.0.4.old/tests/test_security_curve.cpp zeromq-4.0.4/tests/test_security_curve.cpp
--- zeromq-4.0.4.old/tests/test_security_curve.cpp	2014-09-29 10:18:04.350648652 +0200
+++ zeromq-4.0.4/tests/test_security_curve.cpp	2014-09-29 10:28:23.813648578 +0200
@@ -181,7 +181,7 @@
     close_zero_linger (client);
 
     //  Check CURVE security with bogus client credentials
-    //  This must be caught by the ZAP handler
+    //  This must be caught by the curve_server class, not passed to ZAP
     char bogus_public [41];
     char bogus_secret [41];
     zmq_curve_keypair (bogus_public, bogus_secret);
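Review bot: The only test change is the comment above `bogus_public`, so nothing visible in this patch exercises the new check in stream_engine.cpp: a peer whose greeting names a mechanism other than the one the socket is configured for. A regression case would connect a client left at the default NULL mechanism, and another configured for PLAIN, to the CURVE server socket and assert that no message is delivered. Such a case may already exist in the test file outside this hunk; if it does not, the downgrade fix ships untested. The new comment also says bogus credentials are rejected by the curve_server class before ZAP, which the stream_engine hunk does not itself establish, so the comment should be checked against the curve_server code.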