Hi Dave,
Can you please point me the RFC section related to this?
Is this related to RFC 1905 section 4.xx (PDU parsing)?
Or RFC 3416 § 4.2.x
Please suggest.
Thanks,
Saif
----- Original Message ----
From: Dave Shield <[EMAIL PROTECTED]>
To: saifulla Mohd Abdul <[EMAIL PROTECTED]>
Cc: net-snmp-coders@lists.sourceforge.net
Sent: Friday, 23 May, 2008 2:27:52 AM
Subject: Re: Check to prevent snmp request/response oid length more than 128
subids
2008/5/4 Dave Shield <[EMAIL PROTECTED]>:
> 2008/5/3 saifulla Mohd Abdul <[EMAIL PROTECTED]>:
>> Hi,
>> The while loop which extracts subids ( while (length > 0 &&
>>(*objidlength)-- > 0) { ...
>> in asn_parse_objid()) makes *objidlength = -1 for OIDs that contain more than
>> 128 subids.
> It *might* be appropriate to cache the original length at the start
> of the routine, and restore this value in case of over-run. But it
> certainly wouldn't be right to force a length of MAX_OID_LEN.
I've now applied a patch to the 5.3.x, 5.4.x and main development
lines, to restore the previous buffer length if parsing the OID fails.
Given the current state of the 5.2.5 release cycle, I'll leave it to
Wes to decide whether it's worth including this fix in that line as well.
Dave
__________________________________________________________
Sent from Yahoo! Mail.
A Smarter Email http://uk.docs.yahoo.com/nowyoucan.html
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
