Re: [Quickfix-developers] security issues?
From: Oren M. <or...@qu...> - 2005-08-04 04:55:44
There have not been any reported issues to this effect. Most of the library makes use of STL, so traditional buffer overflow issues wouldn't likely be present in those areas. If there were any buffer overflow vulnerabilities, the most likely area of concern in my opinion might be in the field conversion (and perhaps message parsing) code since much of this uses lower level buffers now due to performance optimizations.

We do have a significant set of unit tests which check boundary conditions. As I said, no overflow vulnerabilities have been reported for any version of the library and we have no particular reason to believe they exist. This is based on four years of production use by many companies out in the field. However, to my knowledge, no one has done a comprehensive security audit.

--oren

On Aug 3, 2005, at 6:45 PM, Sol wrote:

> Are there any known security issues with quickfix, whether fixed or
> not? Such as buffer overflow vulnerability, etc.
>
> Our network security guys want confirmation that somebody has
> looked for these problems, and hopefully addressed them, before our
> system can be approved for deployment.
>
> -sol