Re: snmp request/response oid length

Mon, 15 Aug 2005 23:07:55 -0700 

Hi Robert,

          Thanks for the patch.

Can it not be in _asn_parse_length_check()? If we do
it
there, it would be better place, i guess. Because we
can avoid unnecessary while loop, if we do it there.

Am i missing some thing?

Regards,
Saif

--- Robert Story <[EMAIL PROTECTED]> wrote:

> On Wed, 10 Aug 2005 10:58:53 +0100 (BST) saifulla
> wrote:
> SMA>      Can you please comment on adding this
> check to
> SMA> snmp_pdu_parse() of snmp_api.c in snmplib/
> directory?
> 
> Here is a simple patch to the asn parse routine that
> returns an error any time
> the buffer is full before all bytes have been
> consumed. Since all the net-snmp
> routines should be passing in MAX_OID_LEN sized oid
> arrays, this should
> suffice.
> 
> Index: snmplib/asn1.c
>
===================================================================
> RCS file:
> /cvsroot/net-snmp/net-snmp/snmplib/asn1.c,v
> retrieving revision 5.9
> diff -u -p -r5.9 asn1.c
> --- snmplib/asn1.c      10 Dec 2004 15:07:15 -0000  
>    5.9
> +++ snmplib/asn1.c      15 Aug 2005 18:10:04 -0000
> @@ -1301,6 +1301,11 @@ asn_parse_objid(u_char *
> data,
>          *oidp++ = (oid) subidentifier;
>      }
> 
> +    if (0 != length) {
> +        ERROR_MSG("OID length exceeds buffer
> size");
> +        return NULL;
> +    }
> +
>      /*
>       * The first two subidentifiers are encoded
> into the first component
>       * with the value (X * 40) + Y, where:
>
===================================================================
> 
> -- 
> NOTE: messages sent directly to me, instead of the
> lists, will be deleted
>       unless they are requests for paid consulting
> services.
> 
> Robert Story; NET-SNMP Junkie
> Support: <http://www.net-snmp.org/>
> <irc://irc.freenode.net/#net-snmp>
> Archive:
>
<http://sourceforge.net/mailarchive/forum.php?forum=net-snmp-coders>
> 
> You are lost in a twisty maze of little standards,
> all different. 
> 



        
        
                
___________________________________________________________ 
Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail 
http://uk.messenger.yahoo.com


-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Reply via email to