[tao-bugs] Ability to crash service with invalid input
worryelectric at gmail.com
Tue May 30 03:55:27 CDT 2017
I've been doing some testing of TAO's resilience against malicious input
and I think I've found a minor issue that might warrant some attention. It
appears to only be a null pointer dereference, so is probably not
exploitable, but it can cause a denial of service.
I've just been testing against the MessengerServer from the Dev Guide
Examples, but I believe this issue would be applicable against any
application that uses TAO in a similar way.
Rather than divulge details here, is there anyone I can discuss this with
directly to ascertain whether this is an issue, and if so to allow for
appropriate fixes to be applied?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the tao-bugs