Hi,

     Can you please comment on adding this check to
snmp_pdu_parse() of snmp_api.c in snmplib/ directory?

Regards,
Saif


--- Dave Shield <[EMAIL PROTECTED]> wrote:

> On Wed, 2005-08-10 at 02:14 -0700, Austin Schutz wrote:
> >     So.. was the original question regarding sub-identifiers,
> > or bytes?
> 
> Subidentifiers.
> 
> >  I have seen objects in the wild with greater than 128 bytes,
> 
> Yes - that's perfectly legal
> 
> > but not 128 sub-identifiers.
> 
> and that's not.
> 
> >  It seems like maybe MAX_OID_LEN used to refer
> > to the maximum byte count.
> 
> Quite possible.  In which case, it's a bug.
> 
> 
> >     So.. the max oid size should be MAX_OID_LEN * sizeof(u_long),
> > which is a much bigger string than MAX_OID_LEN * sizeof(u_char): 512 vs. 128.
> 
> Well strictly speaking, it should probably be
>       MAX_OID_LEN * sizeof(oid)
> so it'll have the correct size, regardless of the
> definition of 'oid'.
> 
> 
> >     Btw, according to the gcc docs int is always 32 bits, long can
> > be 64 on 64 bit platforms. If the spec says the max val is 2 ** 32 - 1,
> > then shouldn't that be u_int instead of u_long?
> 
> Quite possibly.
> We've had a problem with a variety of approaches to integer ranges
> for a long time now.  Ideally we'd pick a particular set of fixed
> size types (e.g. int8, int32, int64 + uint versions) and convert
> everything to use those.
>   But the implications for backward compatibility are so painful,
> that we keep ducking the issue, and hoping it'll go away.  :-)
> 
> Dave
> 
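
An added example, not part of the original thread and not net-snmp code: a BER OBJECT IDENTIFIER decoder that bounds its output by sub-identifier count rather than byte count, sizes the buffer as count * sizeof(element), and rejects sub-identifiers above 2^32 - 1. The names `ex_decode_oid`, `ex_oid` and `EX_MAX_OID_LEN` are hypothetical; the limit of 128 follows the figures quoted in the thread, and the `uint32_t` element type is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EX_MAX_OID_LEN 128          /* assumed limit, counted in sub-identifiers */
typedef uint32_t ex_oid;            /* hypothetical fixed-width sub-identifier */

/* Decode BER OID content octets into out[]; out_cap counts sub-identifiers,
 * not bytes. Returns the sub-identifier count, or -1 on bad/oversized input. */
int ex_decode_oid(const unsigned char *in, size_t in_len,
                  ex_oid *out, size_t out_cap)
{
    size_t n = 0, i = 0;
    if (in_len == 0 || out_cap < 2)
        return -1;
    while (i < in_len) {
        uint64_t sub = 0;
        unsigned char b;
        do {                         /* base-128, high bit = more octets follow */
            if (i >= in_len)
                return -1;           /* truncated sub-identifier */
            b = in[i++];
            sub = (sub << 7) | (b & 0x7f);
            if (sub > UINT32_MAX)
                return -1;           /* exceeds 2^32 - 1 */
        } while (b & 0x80);
        if (n == 0) {                /* first value packs two arcs: 40*X + Y */
            ex_oid x = sub < 40 ? 0 : sub < 80 ? 1 : 2;
            out[n++] = x;
            sub -= 40u * x;
        }
        if (n >= out_cap)
            return -1;               /* too many sub-identifiers for out[] */
        out[n++] = (ex_oid)sub;
    }
    return (int)n;
}

int main(void)
{
    /* Constructed sample: content octets of 1.3.6.1.4.1.8072 */
    static const unsigned char enc[] = {0x2b, 0x06, 0x01, 0x04, 0x01, 0xbf, 0x08};
    ex_oid name[EX_MAX_OID_LEN];     /* EX_MAX_OID_LEN * sizeof(ex_oid) bytes */
    int n = ex_decode_oid(enc, sizeof enc, name, EX_MAX_OID_LEN);
    for (int i = 0; i < n; i++)
        printf("%s%lu", i ? "." : "", (unsigned long)name[i]);
    putchar('\n');
    return n == 7 ? 0 : 1;
}
```
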



                
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
