On 21/02/07, Wes Hardaker <[EMAIL PROTECTED]> wrote:
> >>>>> "DS" == Dave Shield <[EMAIL PROTECTED]> writes:
>
> DS> CHANGES: library: BUG: 1660061: Validate engineIDs more strictly.
>
> Err.... That's one of those "if it hurts, don't do that" kind of
> things.
Feel free to reverse the patch to snmp_parse_args.c if you want.
Personally, I think it's a reasonable restriction.
> note that the engineID range restriction is on the MIB object not on
> the packet).
Hmmm... not convinced.
RFC3411 defines the overall "Architecture for SNMP Management
Frameworks", and that clearly assumes that engineIDs will have
at least five octets. See (e.g.) section 6.3
Whatever you decide, please don't reverse the patch to tools.c
This fixes the problem with accepting non-hex digits within
an engineID specification.
For example: 0x1x2x3x4x5x6x would be allowed with
the code as it previously stood!
Dave
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
