In snmp_api.c, when (transport->flags & NETSNMP_TRANSPORT_FLAG_STREAM)
is not true, it mallocs the memory for rxbuf at line 5289. At that point,
rxbuf doesn't point to isp->packet.
When transport->f_recv fails (returns -1), it should free(rxbuf), not
isp->packet, at line 5302.


-----Original Message-----
From: Robert Story [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 14, 2005 9:42 AM
To: Fong Tsui
Cc: net-snmp-coders@lists.sourceforge.net; Dave Shield
Subject: Re: snmpd memory grows on invalid udp requests --- security????

On Thu, 10 Nov 2005 13:43:50 -0800 Fong wrote:
FT> I tested on our system, not standard linux. 
FT> 
FT> I dug into the code and found that it frees the wrong memory when it is
FT> in the non-NETSNMP_TRANSPORT_FLAG_STREAM situation.
FT> 
FT> It is in snmp_api.c at line:5302 on release version 5.0.10.2.

You'll have to be more specific on why it's the wrong memory. A quick glance
at the code looks ok to me.

-- 
NOTE: messages sent directly to me, instead of the lists, will be deleted
      unless they are requests for paid consulting services.

Robert Story; NET-SNMP Junkie
Support: <http://www.net-snmp.org/> <irc://irc.freenode.net/#net-snmp>
Archive: <http://sourceforge.net/mailarchive/forum.php?forum=net-snmp-coders>

You are lost in a twisty maze of little standards, all different. 
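
The failure mode reported in the first message, as an added example that is not net-snmp source and not code from either poster: a constructed C model of a receive path that allocates a per-datagram buffer and, on a failed receive, frees either the session buffer (the behaviour reported) or the buffer it just allocated. The struct layouts, helper names and buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the reported path; NOT net-snmp source. Names are hypothetical. */
#define FLAG_STREAM 0x01
#define RXBUF_LEN   4096

struct session   { unsigned char *packet; };   /* per-session stream buffer */
struct transport { int flags; int (*f_recv)(void *buf, size_t len); };

static long live_allocs;                       /* outstanding tracked buffers */
static void *xmalloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

/* Stand-in for a receive that fails (returns -1), e.g. on an invalid request. */
static int recv_fail(void *buf, size_t len) { (void)buf; (void)len; return -1; }

/* fixed=0: failure path frees isp->packet, as the report describes.
 * fixed=1: failure path frees the buffer allocated for this datagram. */
static int read_once(struct session *isp, struct transport *t, int fixed)
{
    int is_stream = (t->flags & FLAG_STREAM) != 0;
    unsigned char *rxbuf = is_stream ? isp->packet : xmalloc(RXBUF_LEN);

    if (rxbuf == NULL) return -1;
    if (t->f_recv(rxbuf, RXBUF_LEN) < 0) {
        if (!fixed) { xfree(isp->packet); isp->packet = NULL; }  /* wrong owner */
        else if (!is_stream) xfree(rxbuf);                       /* datagram buffer */
        return -1;
    }
    if (!is_stream) xfree(rxbuf);              /* success: datagram consumed */
    return 0;
}

/* Number of buffers still allocated after n failed datagram receives. */
long leaked_after(int n, int fixed)
{
    struct session isp = { NULL };
    struct transport udp = { 0, recv_fail };   /* datagram: stream flag clear */
    long before = live_allocs;
    for (int i = 0; i < n; i++) read_once(&isp, &udp, fixed);
    return live_allocs - before;
}

int main(void)
{
    printf("free(isp->packet): %ld leaked\n", leaked_after(100, 0));
    printf("free(rxbuf):       %ld leaked\n", leaked_after(100, 1));
    return 0;
}
```

In this model every failed datagram receive leaves one buffer allocated when the wrong pointer is freed, which matches the steady memory growth named in the subject line.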

