On 11/26/2013 02:52 PM, Magnus Fromreide wrote:
On Mon, 2013-11-25 at 19:04 +0800, zhuyj wrote:
On 11/25/2013 02:34 AM, Magnus Fromreide wrote:
On Fri, 2013-11-22 at 14:27 +0800, zhuyj wrote:
4.patch -p1 < V5-7-patches-snmpTargetParam_support_zero_OID.patch
snmpTargetAddrEntry.c:
Chunk #2 is unnecessary - setting members to 0 before freeing the
object they are members of.
snmpTargetAddrEntry.h:
Putting the variable in the hole after nameLen will leave the size of
targetAddrTable_struct unchanged while the suggested location will
expand the size of it by 4 (or 8 on 64-bit) bytes.
snmpTargetParamsEntry.c:
Chunk #2 is unnecessary - setting a member to 0 before freeing the
object it is a member of.
Chunk #9? (get_paramEntry) - it would be more efficient and correct
to check that nameLen == ptr->paramNameLen before memcmp'ing
name and paramName, in particular if nameLen < paramNameLen.
target.c:
Certificate lookup under DTLS uses only the part of the name up to the
first '\0'.
Hi, MF
I agree with other advices from you. But I do not understand this:
target.c:
Certificate lookup under DTLS uses only the part of the name up to the
first '\0'.
Would you like to explain this in details? Thanks a lot.
Sure.
target/target.c:205
cert = netsnmp_cert_find(NS_CERT_IDENTITY, NS_CERTKEY_TARGET_PARAM,
targaddrs->params);
Now, assume that targaddrs->params contains embedded NUL characters.
Hi, Magnus
I made 2 patches to support params and nameData in target/target.c:205
cert = netsnmp_cert_find(NS_CERT_IDENTITY, NS_CERTKEY_TARGET_PARAM,
targaddrs->params);
....
cert = netsnmp_cert_find(NS_CERT_REMOTE_PEER, NS_CERTKEY_TARGET_ADDR,
buf);
....
Please check it. Thanks a lot.
Zhu Yanjun
patch -p1 < V5-7-patches-fix-param-length.patch
patch -p1 < V5-7-patches-conf-support.patch
Why the memset's before read_config_save_octet_string?
An example is as below.
If variable tmp is used as the line1, there are 6 'x' in this variable
tmp.
we will copy 4 'y' to tmp, now the variable tmp is as below line2 if
we do not
memset tmp. It is not what we expect.
line1: tmp: xxxxxx
line2: using: yyyyxx
You can't use NUL as a end of string marker since NUL is a perfectly
valid character. When handing strings to printf you get around that with
printf("%.*s", tmp, 4);
For other methods one usually have to add a method that takes a string
width.
/MF
>From b4a975a0e6cf4926c9e5b6c1dcad377ca76cd208 Mon Sep 17 00:00:00 2001
From: yzhu1 <yanjun....@windriver.com>
Date: Thu, 28 Nov 2013 14:20:10 +0800
Subject: [PATCH 4/5] use params hex string as index
Signed-off-by: yzhu1 <yanjun....@windriver.com>
---
agent/mibgroup/target/target.c | 13 +++++++++----
snmplib/cert_util.c | 8 ++++++--
2 files changed, 15 insertions(+), 6 deletions(-)
mode change 100644 => 100755 snmplib/cert_util.c
diff --git a/agent/mibgroup/target/target.c b/agent/mibgroup/target/target.c
index 0ea8ac3..1463615 100755
--- a/agent/mibgroup/target/target.c
+++ b/agent/mibgroup/target/target.c
@@ -93,7 +93,8 @@ get_target_sessions(char *taglist, TargetFilterFunction * filterfunct,
DEBUGMSGTL(("target_sessions", "found one: %s\n",
tags[i]));
- if (targaddrs->params) {
+ /**params support ascii 0**/
+ if (targaddrs->paramsLen > 0) {
param = get_paramEntry(targaddrs->params, targaddrs->paramsLen);
if (!param
|| param->rowStatus != SNMP_ROW_ACTIVE) {
@@ -197,15 +198,19 @@ get_target_sessions(char *taglist, TargetFilterFunction * filterfunct,
if (!tls) {
netsnmp_cert *cert;
char *server_id = NULL;
- char buf[33];
+ char buf[33],tmp[1024]={0};
+ /**use params hex string as index to find**/
+ read_config_save_octet_string(tmp,
+ targaddrs->params,
+ targaddrs->paramsLen);
DEBUGMSGTL(("target_sessions",
" looking up our id: %s\n",
- targaddrs->params));
+ tmp));
cert =
netsnmp_cert_find(NS_CERT_IDENTITY,
NS_CERTKEY_TARGET_PARAM,
- targaddrs->params);
+ tmp);
netsnmp_assert(t->f_config);
if (cert) {
DEBUGMSGTL(("target_sessions",
diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c
old mode 100644
new mode 100755
index 246a6c9..fe4ff93
--- a/snmplib/cert_util.c
+++ b/snmplib/cert_util.c
@@ -3012,11 +3012,15 @@ netsnmp_tlstmParams_restore_common(char **line)
/** name */
len = sizeof(buf);
tmp = buf;
+ /**To get len and param**/
*line = read_config_read_octet_string(*line, (u_char **)&tmp, &len);
tmp[len] = 0;
/** xxx-rks: validate snmpadminstring? */
- if (len)
- stp->name = strdup(buf);
+ if (len){
+ char temp[SNMP_MAXBUF_SMALL];
+ read_config_save_octet_string(temp, buf, len);
+ stp->name = strdup(temp);/**use param hex value as index**/
+ }
/** fingerprint hash type*/
len = sizeof(buf);
--
1.7.9.5
>From b384952fe606524a30a0f030f3d3c8718357d913 Mon Sep 17 00:00:00 2001
From: yzhu1 <yanjun....@windriver.com>
Date: Thu, 28 Nov 2013 14:44:08 +0800
Subject: [PATCH 5/5] use nameData hex string as index
Signed-off-by: yzhu1 <yanjun....@windriver.com>
---
agent/mibgroup/target/target.c | 14 ++++++++------
snmplib/cert_util.c | 9 ++++++---
2 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/agent/mibgroup/target/target.c b/agent/mibgroup/target/target.c
index 1463615..5c94a4d 100755
--- a/agent/mibgroup/target/target.c
+++ b/agent/mibgroup/target/target.c
@@ -202,7 +202,7 @@ get_target_sessions(char *taglist, TargetFilterFunction * filterfunct,
/**use params hex string as index to find**/
read_config_save_octet_string(tmp,
- targaddrs->params,
+ (const u_char *)targaddrs->params,
targaddrs->paramsLen);
DEBUGMSGTL(("target_sessions",
" looking up our id: %s\n",
@@ -219,16 +219,18 @@ get_target_sessions(char *taglist, TargetFilterFunction * filterfunct,
t->f_config(t, "localCert",
cert->fingerprint);
}
- memcpy(buf, targaddrs->nameData,
- targaddrs->nameLen);
- buf[targaddrs->nameLen] = '\0';
+ /*use nameData hex string to find*/
+ memset(tmp, 0, 1024);
+ read_config_save_octet_string(tmp,
+ (const u_char *)targaddrs->nameData,
+ targaddrs->nameLen);
DEBUGMSGTL(("target_sessions",
" looking up their id: %s\n",
- buf));
+ tmp));
cert =
netsnmp_cert_find(NS_CERT_REMOTE_PEER,
NS_CERTKEY_TARGET_ADDR,
- buf);
+ tmp);
if (cert) {
DEBUGMSGTL(("target_sessions",
" found fingerprint: %s\n",
diff --git a/snmplib/cert_util.c b/snmplib/cert_util.c
index fe4ff93..f1c021a 100755
--- a/snmplib/cert_util.c
+++ b/snmplib/cert_util.c
@@ -3018,7 +3018,7 @@ netsnmp_tlstmParams_restore_common(char **line)
/** xxx-rks: validate snmpadminstring? */
if (len){
char temp[SNMP_MAXBUF_SMALL];
- read_config_save_octet_string(temp, buf, len);
+ read_config_save_octet_string(temp, (const u_char *)buf, len);
stp->name = strdup(temp);/**use param hex value as index**/
}
@@ -3212,7 +3212,8 @@ netsnmp_tlstmAddr_restore_common(char **line, char *name, size_t *name_len,
char *id, size_t *id_len, char *fp,
size_t *fp_len, u_char *ht)
{
- size_t fp_len_save = *fp_len;
+ size_t fp_len_save = *fp_len, name_len_save = *name_len;
+ char tmp[1024] = {0};
*line = read_config_read_octet_string(*line, (u_char **)&name, name_len);
if (NULL == *line) {
@@ -3220,7 +3221,9 @@ netsnmp_tlstmAddr_restore_common(char **line, char *name, size_t *name_len,
return -1;
}
name[*name_len] = 0;
-
+ /**use name hex string as index**/
+ read_config_save_octet_string(tmp, (const u_char *)name, *name_len);
+ snprintf(name, name_len_save, "%s", tmp);
*line = read_config_read_octet_string(*line, (u_char **)&fp, fp_len);
if (NULL == *line) {
config_perror("incomplete line");
--
1.7.9.5
------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
