Hello,

I posted this on net-snmp-users yesterday because I hadn't noticed that
there is a net-snmp-coders mailing list, which seems more appropriate for this
topic. So I am reposting it here.

When decoding an SNMPv2c trap using snmp_pdu_parse() (snmp_api.c) I've noticed
that there is a problem with OID lengths.

If the variable list contains a value that is an OID, snmp_pdu_parse()
returns an incorrect size of this OID in the netsnmp_variable_list.val_len
field - for example, if the OID has a length of 11, the function returns a
length of 44.

The problem is in the switch() statement which reads the value from the
variables list:

 0  case ASN_OBJECT_ID:
 1      vp->val_len = MAX_OID_LEN;
 2      asn_parse_objid(var_val, &len, &vp->type, objid, &vp->val_len);
 3      vp->val_len *= sizeof(oid);
 4      vp->val.objid = (oid *) malloc(vp->val_len);
 5      if (vp->val.objid == NULL) {
 6          return -1;
 7      }
 8      memmove(vp->val.objid, objid, vp->val_len);
 9      break;

In line 2 the asn_parse_objid() function returns the correct value length in
the &vp->val_len variable, but in the next line the value is multiplied by
sizeof(oid) (which in my case is 4).

I suppose the purpose of this multiplication is that we want to allocate more
memory than necessary for vp->val.objid, just in case. But changing
vp->val_len means that we get incorrect information about how long the
received OID actually is.

I also suppose that it should be dealt with as in the case of decoding an
enterprise OID for SNMPv1 traps (somewhere above in snmp_api.c):

 0  pdu->enterprise_length = MAX_OID_LEN;
 1  data = asn_parse_objid(data, length, &type, objid,
 2                         &pdu->enterprise_length);
 3  if (data == NULL)
 4      return -1;
 5  pdu->enterprise =
 6      (oid *) malloc(pdu->enterprise_length * sizeof(oid));
 7  if (pdu->enterprise == NULL) {
 8      return -1;
 9  }
10  memmove(pdu->enterprise, objid,
11          pdu->enterprise_length * sizeof(oid));

Here the multiplication by sizeof(oid) is done inside malloc's and memmove's
argument lists (lines 6 and 11) instead of modifying the pdu->enterprise_length
variable.

Am I right here? If not, then is there any other way to get the length of an
OID that is a value inside a variable list?

I've found this problem in version 5.2, but it is there in versions up to 5.6.

Regards,
Tomek
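
An added example, not part of the original post or of the net-snmp sources: in the first excerpt val_len is the byte count handed to malloc() and memmove(), so a consumer can recover the number of sub-identifiers by dividing by sizeof(oid), and must not use val_len itself as an element count, which would read past the allocation. The struct varbind type, the oid typedef, the MAX_OID_LEN value and both function names are stand-ins assumed for this sketch.

```c
#include <stdio.h>

/* Stand-ins for the net-snmp definitions (assumptions for this sketch). */
typedef unsigned long oid;
#define MAX_OID_LEN 128

struct varbind {            /* only the two fields used in the post */
    oid    *objid;          /* plays the role of vp->val.objid */
    size_t  val_len;        /* plays the role of vp->val_len, in BYTES */
};

/* Number of sub-identifiers, or -1 if val_len is not a sane byte count. */
long objid_subid_count(const struct varbind *vp)
{
    if (vp == NULL || vp->objid == NULL || vp->val_len == 0)
        return -1;
    if (vp->val_len % sizeof(oid) != 0)          /* not whole elements */
        return -1;
    if (vp->val_len / sizeof(oid) > MAX_OID_LEN) /* larger than any parse */
        return -1;
    return (long)(vp->val_len / sizeof(oid));
}

/* Render as dotted text; 0 on success, -1 on bad input or truncation. */
int objid_to_text(const struct varbind *vp, char *out, size_t outsz)
{
    long n = objid_subid_count(vp);
    size_t used = 0;
    if (n < 0 || out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    for (long i = 0; i < n; i++) {   /* bound is the element count */
        int w = snprintf(out + used, outsz - used, ".%lu", vp->objid[i]);
        if (w < 0 || (size_t)w >= outsz - used)
            return -1;
        used += (size_t)w;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: an OID value with 11 sub-identifiers. */
    oid sample[] = { 1, 3, 6, 1, 6, 3, 1, 1, 4, 1, 0 };
    struct varbind vb = { sample, sizeof(sample) };
    char text[256];
    if (objid_to_text(&vb, text, sizeof(text)) == 0)
        printf("%ld sub-ids: %s\n", objid_subid_count(&vb), text);
    return 0;
}
```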