On 11 April 2012 13:49, ashok kumar <ashok.s...@gmail.com> wrote:
> I added a check in _add_strings_to_oid function which is called from
> snmp_parse_oid ->read_objid->_add_strings_to_oid.
> After the first while loop which iterates the total tree matching with
> the passed sub tree, I added the following code:
> if (tp->subid == 0)
> goto bad_id;
>
> This check is skipping the invalid OIDs like 136121160.
Hmmm.....
I'm really not convinced about this.
It's been a while since I looked in detail at the MIB parsing code
(and it's a somewhat poorly commented :-().
But in principle, there's nothing wrong with having numeric
OIDs, where the library doesn't have the relevant MIB files
loaded. I *think* that this will also result in tp entries being
created on the fly (or missing altogether).
A simple check against 0 will also almost certainly break
when given a legitimate sub-identifier value of '0'
such as NET-SNMP-MIB::netSnmpNotifications
I can see the point of checking that the top-level OID
value is one of 0, 1 or 2 (which are the only possibilities)
or that the second subidentifier is <40.
But anything more than that feels dangerous, IMO
Dave
------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
