[tao-bugs] Ability to crash service with invalid input
Electric Worry
worryelectric at gmail.com
Tue May 30 03:55:27 CDT 2017
Hello,
I've been doing some testing of TAO's resilience against malicious input
and I think I've found a minor issue that might warrant some attention. It
appears to only be a null pointer dereference, so is probably not
exploitable, but it can cause a denial of service.
I've just been testing against the MessengerServer from the Dev Guide
Examples, but I believe this issue would be applicable against any
application that uses TAO in a similar way.
Rather than divulge details here, is there anyone I can discuss this with
directly to ascertain whether this is an issue, and if so to allow for
appropriate fixes to be applied?
Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.isis.vanderbilt.edu/pipermail/tao-bugs/attachments/20170530/8d2d6264/attachment.html>
More information about the tao-bugs
mailing list