resolve #1292 ZMQ_IDENTITY_FD does not validate option_len

src/router.cpp

@@ -142,7 +142,13 @@ int zmq::router_t::xgetsockopt (int option_, const void *optval_,
                 *optvallen_=sizeof(fd_t);
                 return 0;
             }
+
             if (optval_ && optvallen_ && *optvallen_) {
+                if (*optvallen_ < sizeof(fd_t)) {
+                    *optvallen_=sizeof(fd_t);
+                    return EINVAL;
+                }
+
                 blob_t identity= blob_t((unsigned char*)optval_,*optvallen_);
                 outpipes_t::iterator it = outpipes.find (identity);
                 if (it == outpipes.end() ){

tests/test_id2fd.cpp

@@ -61,10 +61,18 @@ int main (void)
 
             //buffer for  zmq_getsockopt / ZMQ_IDENTITY_FD
             char idbuf[255];
+            char failbuf[2];
             size_t idbufsz=zmq_msg_size (&part);
+            size_t failsz=2;
 
             assert (idbufsz<=255);
             memcpy(idbuf,zmq_msg_data(&part),idbufsz);
+            failbuf[0] = idbuf[0];
+            failbuf[1] = 0;
+
+            // ensure that we validate buffer is sufficient to hold result
+            rc = zmq_getsockopt (server, ZMQ_IDENTITY_FD, failbuf, &failsz);
+            assert (rc == EINVAL);
 
             rc = zmq_getsockopt (server, ZMQ_IDENTITY_FD, idbuf, &idbufsz);
             assert (rc == 0);