~ubuntu-branches/ubuntu/wily/zeromq3/wily-proposed

« back to all changes in this revision

Viewing changes to tests/test_security_plain.cpp

Committer: Package Import Robot
Author(s): Laszlo Boszormenyi (GCS)
Date: 2015-05-05 21:06:02 UTC
Revision ID: package-import@ubuntu.com-20150505210602-7nmw5z31bei3puj6

Tags: 4.0.5+dfsg-3

http://bugs.debian.org/784366

V3 protocol handler vulnerable to downgrade attacks, use upstream
backported fix for this issue (closes: #784366).

files added:
.pc/protocol-downgrade-attack.patch

.pc/protocol-downgrade-attack.patch/src

.pc/protocol-downgrade-attack.patch/src/session_base.cpp

.pc/protocol-downgrade-attack.patch/src/session_base.hpp

.pc/protocol-downgrade-attack.patch/src/stream_engine.cpp

.pc/protocol-downgrade-attack.patch/tests

.pc/protocol-downgrade-attack.patch/tests/test_security_curve.cpp

.pc/protocol-downgrade-attack.patch/tests/test_security_null.cpp

.pc/protocol-downgrade-attack.patch/tests/test_security_plain.cpp

debian/patches/protocol-downgrade-attack.patch

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

src/session_base.cpp

src/session_base.hpp

src/stream_engine.cpp

tests/test_security_curve.cpp

tests/test_security_null.cpp

tests/test_security_plain.cpp

Show diffs side-by-side

added added

removed removed

tests/test_security_plain.cpp

This file is part of 0MQ.

#include "testutil.hpp"

#if defined (ZMQ_HAVE_WINDOWS)

# include <winsock2.h>

# include <ws2tcpip.h>

# include <stdexcept>

# define close closesocket

#else

# include <sys/socket.h>

# include <netinet/in.h>

# include <arpa/inet.h>

# include <unistd.h>

#endif

static void

zap_handler (void *ctx)

137

148

expect_bounce_fail (server, client);

138

149

close_zero_linger (client);

139

150

151

// Unauthenticated messages from a vanilla socket shouldn't be received

152

struct sockaddr_in ip4addr;

153

int s;

154

155

ip4addr.sin_family = AF_INET;

156

ip4addr.sin_port = htons (9998);

157

inet_pton (AF_INET, "127.0.0.1", &ip4addr.sin_addr);

158

159

s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);

160

rc = connect (s, (struct sockaddr*) &ip4addr, sizeof (ip4addr));

161

assert (rc > -1);

162

// send anonymous ZMTP/1.0 greeting

163

send (s, "\x01\x00", 2, 0);

164

// send sneaky message that shouldn't be received

165

send (s, "\x08\x00sneaky\0", 9, 0);

166

int timeout = 150;

167

zmq_setsockopt (server, ZMQ_RCVTIMEO, &timeout, sizeof (timeout));

168

char *buf = s_recv (server);

169

if (buf != NULL) {

170

printf ("Received unauthenticated message: %s\n", buf);

171

assert (buf == NULL);

172

}

173

close (s);

174

140

175

// Shutdown

141

176

rc = zmq_close (server);

142

177

assert (rc == 0);

Older »