varbind was designed to allow both a ber NULL and a NULL pointer for value. The ber NULL case is there for when it was received via a PDU. The NULL pointer case can happen if application.c runs into a timeout or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and results in a "missing value" error, (needlessly) terminating the connection to the backend. Found the hard way by Mischa Peters while stress testing agentx support for vmd. OK? martijn@ Index: application.c =================================================================== RCS file: /cvs/src/usr.sbin/snmpd/application.c,v retrieving revision 1.15 diff -u -p -r1.15 application.c --- application.c 31 Aug 2022 09:19:22 -0000 1.15 +++ application.c 13 Sep 2022 09:59:19 -0000 @@ -1170,8 +1170,11 @@ appl_varbind_valid(struct appl_varbind * int eomv = 0; if (varbind->av_value == NULL) { - *errstr = "missing value"; - return 0; + if (!null) { + *errstr = "missing value"; + return 0; + } + return 1; } if (varbind->av_value->be_class == BER_CLASS_UNIVERSAL) { switch (varbind->av_value->be_type) {
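Review bot: the `varbind->av_value == NULL` branch now returns 1 ahead of the `be_class` checks whenever `null` is set, but nothing in the code says why a missing pointer is acceptable there. A one-line comment above `if (!null) {` noting that a NULL pointer stands for a timeout or a backend problem, as the commit message explains, would keep this from being "fixed" back later. The nesting could also be flattened by testing `if (null)` first and returning 1, which leaves the "missing value" error path at its original indentation. The declaration of `null` lies outside the visible context, so it is worth confirming that every caller passing it non-zero also copes with `av_value` still being a NULL pointer after validation succeeds.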