On Mon, 14 Nov 2005 13:29:16 -0500 Robert wrote:
RS> On Mon, 14 Nov 2005 10:05:43 -0800 Fong wrote:
RS> FT> In snmp_api.c, when (transport->flags & NETSNMP_TRANSPORT_FLAG_STREAM)
RS> FT> is not true, it malloc the memory for rxbuf at line 5289. By the time,
RS> FT> rxbuf doesn't point to isp->packet.
RS> FT> When transport->f_recv fails (return -1), it should free (rxbuf) not
RS> FT> isp->packet, at line 5302.
RS>
RS> Ah, I fell into the trap of looking at cvs code, which does exactly what
RS> you suggest (fixed last June, apparently).
RS>
RS> So, then the question to coders and the admins is, does this qualify as a
RS> DOS, worth a 5.0.10.3 release? I'd lean towards yes.
Actually, before I'd say yes, I'd need a better test case for reproducing
this. The above leak would be only if recv fails, which should be really rare.
If it were for a malformed packet case, then I'd be concerned. But I built
5.0.10.x cvs with the above free completely commented out, and ran udpsic, and
snmpd memory usage did not budge.
I'm guessing there is another leak in 5.0.9 that has been fixed in 5.0.10.x
that you need to back-port.
If you can reproduce a leak in 5.0.10.2, let us know.
--
NOTE: messages sent directly to me, instead of the lists, will be deleted
unless they are requests for paid consulting services.
Robert Story; NET-SNMP Junkie
Support: <http://www.net-snmp.org/> <irc://irc.freenode.net/#net-snmp>
Archive: <http://sourceforge.net/mailarchive/forum.php?forum=net-snmp-coders>
You are lost in a twisty maze of little standards, all different.
-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
