On Thu, 2011-02-10 at 15:14 +0000, [email protected] wrote: > Revision: 19920 > http://net-snmp.svn.sourceforge.net/net-snmp/?rev=19920&view=rev > Author: dts12 > Date: 2011-02-10 15:13:59 +0000 (Thu, 10 Feb 2011) > > Log Message: > ----------- > CHANGES: snmplib: PATCHES: 3165878: Catch buffer overrun on 64-bit systems
I would argue that this patch is wrong, but the correct patch is way more invasive. The problem is that we are using u_long to store values of oid type and those are unlikely to be outside the range 0-2**32-1 so the right thing to do would be to switch to a 32-bit type. The problem with that is that there are quite a few places that might depend on this beeing an u_long. Rock and a hard place... /MF ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Net-snmp-coders mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
