On 22/01/07, Dave Shield <[EMAIL PROTECTED]> wrote:
On 21/01/07, Magnus Fromreide <[EMAIL PROTECTED]> wrote:
> The current net-snmp handling of [a short trap OID] seems
> to be SIGSEGV, so I suppose something has to be done.
Crashing out is not a good idea, no!
At the very least, I'd be inclined to log an error and discard the trap.
I'm attaching a patch that's intended to address this problem.
The reason I'm not committing it to the CVS tree is that there seems
to be something strange happening with the 'vblist->var_len' field.
Tests run this morning on my laptop seemed to indicate that this
contained the number of subidentifiers in the OID value, rather than
the size of this value.
But the line:
len = vblist->var_len/sizeof(oid);
clearly expects this to be the size of the raw data (which is
how it's used elsewhere).
I must have been tempting fate with my comments yesterday about the
effects of ten years plus working on this code. Can someone please
test this patch, and confirm whether or not it works correctly. Both with
"invalidly-short" trap OIDs (i.e. two subidentifiers) AND "short but valid"
trap OIDs (e.g. four or five subidentifiers).
I'm reluctant to commit this patch without some sort of feedback, or
a good night's sleep or five.
Dave
Index: agent/agent_trap.c
===================================================================
RCS file: /cvsroot/net-snmp/net-snmp/agent/agent_trap.c,v
retrieving revision 5.36
diff -u -r5.36 agent_trap.c
--- agent/agent_trap.c 23 Jan 2007 14:10:25 -0000 5.36
+++ agent/agent_trap.c 24 Jan 2007 16:16:13 -0000
@@ -435,6 +435,12 @@
* into enterprise and specific trap
*/
len = vblist->val_len / sizeof(oid);
+ if ( len <= 2 ) {
+ snmp_log(LOG_WARNING,
+ "send_trap: v2 trapOID too short (%d)\n", len);
+ snmp_free_pdu(template_v1pdu);
+ return NULL;
+ }
template_v1pdu->trap_type = SNMP_TRAP_ENTERPRISESPECIFIC;
template_v1pdu->specific_type = vblist->val.objid[len - 1];
len--;
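Review bot: the new `if ( len <= 2 )` guard is only as reliable as the context line above it, `len = vblist->val_len / sizeof(oid);`, which assumes val_len is a byte count. If val_len can hold a subidentifier count instead, as the tests described in the message suggest, the division yields a value that is too small (often 0) and this check would discard valid trap OIDs while logging them as too short. Confirm the unit of val_len at this point before relying on the threshold, and add a short comment saying why 2 is the cut-off, since the lines that follow read `vblist->val.objid[len - 1]` and then decrement len. Two smaller points on the added lines: `%d` is only correct if len is an int, so match the specifier to its declared type or cast it, and the early `return NULL` frees only template_v1pdu, so check that nothing else allocated earlier in the function is left behind on this path.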