On Wed, 10 Aug 2005 10:58:53 +0100 (BST) saifulla wrote:
SMA> Can you please comment on adding this check to
SMA> snmp_pdu_parse() of snmp_api.c in snmplib/ directory?
Here is a simple patch to the asn parse routine that returns an error any time
the buffer is full before all bytes have been consumed. Since all the net-snmp
routines should be passing in MAX_OID_LEN sized oid arrays, this should
suffice.
Index: snmplib/asn1.c
===================================================================
RCS file: /cvsroot/net-snmp/net-snmp/snmplib/asn1.c,v
retrieving revision 5.9
diff -u -p -r5.9 asn1.c
--- snmplib/asn1.c 10 Dec 2004 15:07:15 -0000 5.9
+++ snmplib/asn1.c 15 Aug 2005 18:10:04 -0000
@@ -1301,6 +1301,11 @@ asn_parse_objid(u_char * data,
*oidp++ = (oid) subidentifier;
}
+ if (0 != length) {
+ ERROR_MSG("OID length exceeds buffer size");
+ return NULL;
+ }
+
/*
* The first two subidentifiers are encoded into the first component
* with the value (X * 40) + Y, where:
===================================================================
--
NOTE: messages sent directly to me, instead of the lists, will be deleted
unless they are requests for paid consulting services.
Robert Story; NET-SNMP Junkie
Support: <http://www.net-snmp.org/> <irc://irc.freenode.net/#net-snmp>
Archive: <http://sourceforge.net/mailarchive/forum.php?forum=net-snmp-coders>
You are lost in a twisty maze of little standards, all different.
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
