[tao-bugs] Ability to crash service with invalid input

Electric Worry worryelectric at gmail.com
Tue May 30 03:55:27 CDT 2017


I've been doing some testing of TAO's resilience against malicious input
and I think I've found a minor issue that might warrant some attention. It
appears to only be a null pointer dereference, so is probably not
exploitable, but it can cause a denial of service.

I've just been testing against the MessengerServer from the Dev Guide
Examples, but I believe this issue would be applicable against any
application that uses TAO in a similar way.

Rather than divulge details here, is there anyone I can discuss this with
directly to ascertain whether this is an issue, and if so to allow for
appropriate fixes to be applied?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.isis.vanderbilt.edu/pipermail/tao-bugs/attachments/20170530/8d2d6264/attachment.html>

More information about the tao-bugs mailing list