RE: [Quickfix-developers] potential infinite loop in QuickFIX Message constructor
Brought to you by:
orenmnero
Menu
▾
▴
RE: [Quickfix-developers] potential infinite loop in QuickFIX Message constructor
|
From: Brendan B. B. <br...@ka...> - 2004-09-28 23:51:33
|
Yihu,
You might want to see if my fix in Message::setString(...) for a
related problem works as well.
The message I sent on 9/2 follows.
Regards,
Brendan
Hi,
Suppose a FIX::Message is constructed from a string and suppose the
string is a concatenation of two FIX messages (e.g. suppose you're
reading from a log of FIX msgs which somehow was corrupted).
In Message::setString(const std::string, bool, const DataDictionary
*), w/o the two lines I've added below, this will be an infinite loop
as pos will increase through the massage which corresponds to the
'first' message and then reset to a low value when it reaches the
'second' message in the string i.e. pos will never be >=
string.size().
while ( pos < string.size() )
{
FieldBase field = extractField( string, pos, pDataDictionary );
// Begin brendan, 9/2/04
if (pos < pos2) throw InvalidMessage();
else pos2 = pos;
// End brendan, 9/2/04
if ( count < 3 && headerOrder[ count++ ] != field.getField() )
if ( doValidation ) throw InvalidMessage();
...
}
Regards,
Brendan
> Message: 2
> Date: Mon, 27 Sep 2004 16:58:18 -0400
> From: Yihu Fang <Yih...@re...>
> To: Oren Miller <or...@qu...>,
> qui...@li...
> Subject: [Quickfix-developers] potential infinite loop in
> QuickFIX Message constructor
>
> This is a multi-part message in MIME format.
>
> ------_=_NextPart_001_01C4A4D4.B7119FAC
> Content-Type: text/plain; charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
>
> Oren,
>
> =20
>
> There is a bug in QuickFIX Message constructor which may exists in all
> versions. An ill-formatted FIX message can let the constructor run into
> a tight infinite loop. If the FIX message has an extra white space at
> the end of trailer "8=3DFIX.4.0<SOH>...<SOH>10=3Dxxx<SOH> ", or any extra
> characters in that matter, the constructor calls setString() and results
> in an infinite loop.
>
> =20
>
> The fix is to check the value of the equalSign and throw an exception if
> not found. The diff of current CVS Message.cpp should be:
>
> =20
>
> 560a561,562
>
> > if (equalSign =3D=3D std::string::npos)
>
> > throw InvalidMessage();
>
> =20
>
> Thanks.
>
> =20
>
> -Yihu
|