QuickFIX/J
  1. QuickFIX/J
  2. QFJ-278

method extractField(Group group, DataDictionary dataDictionary, FieldMap fields) don't check The length of "sohOffset"

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Default Default
    • Resolution: Unresolved
    • Affects Version/s: 1.2.1
    • Fix Version/s: Future Releases
    • Component/s: Engine
    • Labels:
      None

      Description

      In the class Message, method extractField(Group group, DataDictionary dataDictionary, FieldMap fields): The length of "sohOffset" is not checked. This will bring about full range of the message received as Message string out of range.

      For all the field, if it is dataField, its length must be calculated by the former Field(Except for Tag 89/93). Because the data may contain a SOH.
      For example, field 355 is dataField. Its length is in Field 354.
      We must check the offset of the dataField is shorter than length of the message, and the offset's next char is SOH.

      Add this code into Message.extractField():

      //Judge if sohOffset's next char is '\001'.
      if(messageData.indexOf('\001', sohOffset) != sohOffset)
          throw new InvalidMessage("Wrong length of data field.");
      //Judge if sohOffset is shorter than fields.
      if(sohOffset > messageData.length())
          throw new InvalidMessage("Wrong length of data field.");

        Activity

        Hide
        CaiQi added a comment -

        Initiator:send a message which is not comply with the protocol.
        Acceptor:different problems occur.

        For example, the dependances of fields. 354: the length of 355
        354=10 355=123. The accptor will consider it that String out of range.
        354=3 355=123. This is right.

        Show
        CaiQi added a comment - Initiator:send a message which is not comply with the protocol. Acceptor:different problems occur. For example, the dependances of fields. 354: the length of 355 354=10 355=123. The accptor will consider it that String out of range. 354=3 355=123. This is right.

          People

          • Assignee:
            Unassigned
            Reporter:
            CaiQi
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:

              Development