NULL pointer write on "bulkget system icmp"
snmp_agent.c:handle_one_var() doesn't check NULL value of return pointer after calling snmp_add_null_var(). On my setup, writes to NULL pointer structure from a "bulkget system icmp" request.
Not sure why snmp_add_null_var() returned NULL (many cases do) or what proper fix is.
It's here: http://exr.lunn.ch/http/source/packages/net/snmp/agent/current/src/snmp_agent.c#L453 var_ptr2 = snmp_add_null_var(asp->pdu, var_ptr->name, MAX_OID_LEN); for ( i=var_ptr->name_length ; i<MAX_OID_LEN ; i++) !!! var_ptr2->name[i] = 0; !!! var_ptr2->name_length = var_ptr->name_length; allDone = FALSE; -- Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss
