[tao-bugs] Ability to crash service with invalid input
Johnny Willemsen
jwillemsen at remedy.nl
Tue May 30 04:06:25 CDT 2017
Hi,
You can always open a pull request at
https://github.com/DOCGroup/ACE_TAO with the proposed fixes for review.
Best regards,
Johnny Willemsen
Remedy IT
Postbus 81 | 6930 AB Westervoort | The Netherlands
http://www.remedy.nl
On 05/30/2017 10:55 AM, Electric Worry wrote:
> Hello,
>
> I've been doing some testing of TAO's resilience against malicious
> input and I think I've found a minor issue that might warrant some
> attention. It appears to only be a null pointer dereference, so is
> probably not exploitable, but it can cause a denial of service.
>
> I've just been testing against the MessengerServer from the Dev Guide
> Examples, but I believe this issue would be applicable against any
> application that uses TAO in a similar way.
>
> Rather than divulge details here, is there anyone I can discuss this
> with directly to ascertain whether this is an issue, and if so to
> allow for appropriate fixes to be applied?
>
> Thanks.
>
>
> _______________________________________________
> tao-bugs mailing list
> tao-bugs at list.isis.vanderbilt.edu
> http://list.isis.vanderbilt.edu/cgi-bin/mailman/listinfo/tao-bugs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.isis.vanderbilt.edu/pipermail/tao-bugs/attachments/20170530/79232c33/attachment.html>
More information about the tao-bugs
mailing list