axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 24808] New: - AxisC++ deserializer doesn't check parameters during deserialize
Date Wed, 19 Nov 2003 07:36:52 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24808>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24808

AxisC++ deserializer doesn't check parameters during deserialize

           Summary: AxisC++ deserializer doesn't check parameters during
                    deserialize
           Product: Axis-C++
           Version: current (nightly)
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Basic Architecture
        AssignedTo: axis-dev@ws.apache.org
        ReportedBy: slang@mcs.anl.gov


I can send the soap message:

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <soapenv:Body>
  <AddPoint><p1></p1><p2><x>5</x><y>3</y></p2></AddPoint>
 </soapenv:Body>
</soapenv:Envelope>

And get back the response:

<?xml version='1.0' encoding='utf-8' ?><SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Body><ns1:AddPointResponse
xmlns:ns1="http://www.opensource.lk/CPPService"><Point xsi:type="ns2:Point
xmlns:ns2="http://www.opensource.lk/Point"><x xsi:type="xsd:int">0</x><y
xsi:type="xsd:int">0</y></Point></ns1:AddPointResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>

As you can tell, the sent soap message is invalid, as it does not contain x and
y elements within the p1 element.  The deserializer doesn't know that x and y
elements are missing, but the service binding code should at least do some kind
of check and return a fault.  I'm not sure if this is specific to the Calculator
sample or if in general services don't return faults if what it expects to see
in a soap message is invalid.

Mime
View raw message