CVSROOT: /cvs Module name: src Changes by: r...@cvs.openbsd.org 2015/10/17 04:20:33
Modified files: usr.sbin/snmpd : control.c Log message: Tighten up snmpd's control socket: do not allow users to terminate the daemon by sending corrupted imsgs to snmpd. This is especially important for the optional world-writeable restricted socket that is used for AgentX. In particular, don't fatal() in the daemon when imsg size checks on control messages fail, do stricter validation of expected messages (even assert zero-length imsgs), don't continue and close the control socket on suspicious input, print a debug log message on error. OK gilles@ "the rationale behind it is quite clear"