From worryelectric at gmail.com  Tue May 30 03:55:27 2017
From: worryelectric at gmail.com (Electric Worry)
Date: Tue, 30 May 2017 09:55:27 +0100
Subject: [tao-bugs] Ability to crash service with invalid input
Message-ID: <CABZPTZRcLDgV3610V_QvTJTukjdXZBpBPAC32awx7ySYTj=tjQ@mail.gmail.com>

Hello,

I've been doing some testing of TAO's resilience against malicious input
and I think I've found a minor issue that might warrant some attention. It
appears to only be a null pointer dereference, so is probably not
exploitable, but it can cause a denial of service.

I've just been testing against the MessengerServer from the Dev Guide
Examples, but I believe this issue would be applicable against any
application that uses TAO in a similar way.

Rather than divulge details here, is there anyone I can discuss this with
directly to ascertain whether this is an issue, and if so to allow for
appropriate fixes to be applied?

Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.isis.vanderbilt.edu/pipermail/tao-bugs/attachments/20170530/8d2d6264/attachment.html>

From jwillemsen at remedy.nl  Tue May 30 04:06:25 2017
From: jwillemsen at remedy.nl (Johnny Willemsen)
Date: Tue, 30 May 2017 11:06:25 +0200
Subject: [tao-bugs] Ability to crash service with invalid input
In-Reply-To: <CABZPTZRcLDgV3610V_QvTJTukjdXZBpBPAC32awx7ySYTj=tjQ@mail.gmail.com>
References: <CABZPTZRcLDgV3610V_QvTJTukjdXZBpBPAC32awx7ySYTj=tjQ@mail.gmail.com>
Message-ID: <49fe65ef-b83b-f584-6813-629a332fba47@remedy.nl>

Hi,

You can always open a pull request at
https://github.com/DOCGroup/ACE_TAO with the proposed fixes for review.

Best regards,

Johnny Willemsen
Remedy IT
Postbus 81 | 6930 AB Westervoort | The Netherlands
http://www.remedy.nl

On 05/30/2017 10:55 AM, Electric Worry wrote:
> Hello,
>
> I've been doing some testing of TAO's resilience against malicious
> input and I think I've found a minor issue that might warrant some
> attention. It appears to only be a null pointer dereference, so is
> probably not exploitable, but it can cause a denial of service.
>
> I've just been testing against the MessengerServer from the Dev Guide
> Examples, but I believe this issue would be applicable against any
> application that uses TAO in a similar way.
>
> Rather than divulge details here, is there anyone I can discuss this
> with directly to ascertain whether this is an issue, and if so to
> allow for appropriate fixes to be applied?
>
> Thanks.
>
>
> _______________________________________________
> tao-bugs mailing list
> tao-bugs at list.isis.vanderbilt.edu
> http://list.isis.vanderbilt.edu/cgi-bin/mailman/listinfo/tao-bugs

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.isis.vanderbilt.edu/pipermail/tao-bugs/attachments/20170530/79232c33/attachment.html>

From worryelectric at gmail.com  Tue May 30 06:47:12 2017
From: worryelectric at gmail.com (Electric Worry)
Date: Tue, 30 May 2017 12:47:12 +0100
Subject: [tao-bugs] Ability to crash service with invalid input
In-Reply-To: <49fe65ef-b83b-f584-6813-629a332fba47@remedy.nl>
References: <CABZPTZRcLDgV3610V_QvTJTukjdXZBpBPAC32awx7ySYTj=tjQ@mail.gmail.com>
 <49fe65ef-b83b-f584-6813-629a332fba47@remedy.nl>
Message-ID: <CABZPTZRNACDG6ssq3MUw2jmbqXB998EkK_-Bf1U029W=kQFnSA@mail.gmail.com>

Is that what would be preferred? I don't want to publicly disclose details
of a vulnerability in case it's used to affect users' services. Private
disclosure might be better?

On 30 May 2017 at 10:06, Johnny Willemsen <jwillemsen at remedy.nl> wrote:

> Hi,
> You can always open a pull request at https://github.com/DOCGroup/ACE_TAO
> with the proposed fixes for review.
>
> Best regards,
>
> Johnny Willemsen
> Remedy IT
> Postbus 81 | 6930 AB Westervoort | The Netherlandshttp://www.remedy.nl
>
> On 05/30/2017 10:55 AM, Electric Worry wrote:
>
> Hello,
>
> I've been doing some testing of TAO's resilience against malicious input
> and I think I've found a minor issue that might warrant some attention. It
> appears to only be a null pointer dereference, so is probably not
> exploitable, but it can cause a denial of service.
>
> I've just been testing against the MessengerServer from the Dev Guide
> Examples, but I believe this issue would be applicable against any
> application that uses TAO in a similar way.
>
> Rather than divulge details here, is there anyone I can discuss this with
> directly to ascertain whether this is an issue, and if so to allow for
> appropriate fixes to be applied?
>
> Thanks.
>
>
> _______________________________________________
> tao-bugs mailing listtao-bugs at list.isis.vanderbilt.eduhttp://list.isis.vanderbilt.edu/cgi-bin/mailman/listinfo/tao-bugs
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.isis.vanderbilt.edu/pipermail/tao-bugs/attachments/20170530/ab294854/attachment.html>

From jwillemsen at remedy.nl  Wed May 31 02:45:47 2017
From: jwillemsen at remedy.nl (Johnny Willemsen)
Date: Wed, 31 May 2017 09:45:47 +0200
Subject: [tao-bugs] Ability to crash service with invalid input
In-Reply-To: <CABZPTZRNACDG6ssq3MUw2jmbqXB998EkK_-Bf1U029W=kQFnSA@mail.gmail.com>
References: <CABZPTZRcLDgV3610V_QvTJTukjdXZBpBPAC32awx7ySYTj=tjQ@mail.gmail.com>
 <49fe65ef-b83b-f584-6813-629a332fba47@remedy.nl>
 <CABZPTZRNACDG6ssq3MUw2jmbqXB998EkK_-Bf1U029W=kQFnSA@mail.gmail.com>
Message-ID: <75c5d2e9-74a9-2937-ea98-c3d5b209cdbb@remedy.nl>

Hi,

> Is that what would be preferred? I don't want to publicly disclose
> details of a vulnerability in case it's used to affect users' services.
> Private disclosure might be better?

When you submit a pull request with the necessary fixes you don't have
to disclose how to misuse it, just contribute the change to fix it.

Johnny

> 
> On 30 May 2017 at 10:06, Johnny Willemsen <jwillemsen at remedy.nl
> <mailto:jwillemsen at remedy.nl>> wrote:
> 
>     Hi,
> 
>     You can always open a pull request at
>     https://github.com/DOCGroup/ACE_TAO
>     <https://github.com/DOCGroup/ACE_TAO> with the proposed fixes for
>     review.
> 
>     Best regards,
> 
>     Johnny Willemsen
>     Remedy IT
>     Postbus 81 | 6930 AB Westervoort | The Netherlands
>     http://www.remedy.nl
> 
>     On 05/30/2017 10:55 AM, Electric Worry wrote:
>>     Hello,
>>
>>     I've been doing some testing of TAO's resilience against malicious
>>     input and I think I've found a minor issue that might warrant some
>>     attention. It appears to only be a null pointer dereference, so is
>>     probably not exploitable, but it can cause a denial of service.
>>
>>     I've just been testing against the MessengerServer from the Dev
>>     Guide Examples, but I believe this issue would be applicable
>>     against any application that uses TAO in a similar way.
>>
>>     Rather than divulge details here, is there anyone I can discuss
>>     this with directly to ascertain whether this is an issue, and if
>>     so to allow for appropriate fixes to be applied?
>>
>>     Thanks.
>>
>>
>>     _______________________________________________
>>     tao-bugs mailing list
>>     tao-bugs at list.isis.vanderbilt.edu
>>     <mailto:tao-bugs at list.isis.vanderbilt.edu>
>>     http://list.isis.vanderbilt.edu/cgi-bin/mailman/listinfo/tao-bugs
>>     <http://list.isis.vanderbilt.edu/cgi-bin/mailman/listinfo/tao-bugs>
> 
>