summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorreyk <reyk@openbsd.org>2008-01-03 15:03:47 +0000
committerreyk <reyk@openbsd.org>2008-01-03 15:03:47 +0000
commit867e780389e2ef84f71d383f9c528883bfa4224c (patch)
tree591d9544eb6d51f056fed58454c709a81406fe5a
parentFix page fault trap which occured when device was detached after a failed (diff)
downloadwireguard-openbsd-867e780389e2ef84f71d383f9c528883bfa4224c.tar.xz
wireguard-openbsd-867e780389e2ef84f71d383f9c528883bfa4224c.zip
handle no more than 2147483647 (0x7fffffff) variable bindings
From RFC3416
Diffstat
-rw-r--r--usr.sbin/snmpd/snmpd.h3
-rw-r--r--usr.sbin/snmpd/snmpe.c10
2 files changed, 9 insertions, 4 deletions
diff --git a/usr.sbin/snmpd/snmpd.h b/usr.sbin/snmpd/snmpd.h
index 989653e8091..fc6418536b1 100644
--- a/usr.sbin/snmpd/snmpd.h
+++ b/usr.sbin/snmpd/snmpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: snmpd.h,v 1.9 2008/01/02 20:54:59 maja Exp $ */
+/* $OpenBSD: snmpd.h,v 1.10 2008/01/03 15:03:47 reyk Exp $ */
/*
* Copyright (c) 2007 Reyk Floeter <reyk@vantronix.net>
@@ -39,6 +39,7 @@
#define SNMPD_MAXSTRLEN 484
#define SNMPD_MAXCOMMUNITYLEN SNMPD_MAXSTRLEN
+#define SNMPD_MAXVARBIND 0x7fffffff
#define SNMPD_MAXVARBINDLEN 1210
#define SMALL_READ_BUF_SIZE 1024
diff --git a/usr.sbin/snmpd/snmpe.c b/usr.sbin/snmpd/snmpe.c
index 8befbd6e6dc..12048db654d 100644
--- a/usr.sbin/snmpd/snmpe.c
+++ b/usr.sbin/snmpd/snmpe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: snmpe.c,v 1.6 2008/01/03 14:24:15 reyk Exp $ */
+/* $OpenBSD: snmpe.c,v 1.7 2008/01/03 15:03:47 reyk Exp $ */
/*
* Copyright (c) 2007 Reyk Floeter <reyk@vantronix.net>
@@ -501,7 +501,7 @@ snmpe_parse(struct sockaddr_storage *ss,
const char *errstr = "invalid message";
long long ver, req;
unsigned long type, errval, erridx;
- int class, state, i = 0, j = 0;
+ u_int class, state, i = 0, j = 0;
char *comn, buf[BUFSIZ], host[MAXHOSTNAMELEN];
struct ber_oid o;
size_t len;
@@ -614,7 +614,7 @@ snmpe_parse(struct sockaddr_storage *ss,
errstr = "invalid varbind element";
for (i = 1, a = msg->sm_varbind, last = NULL;
- a != NULL; a = next, i++) {
+ a != NULL && i < SNMPD_MAXVARBIND; a = next, i++) {
next = a->be_next;
if (a->be_class != BER_CLASS_UNIVERSAL &&
@@ -630,6 +630,10 @@ snmpe_parse(struct sockaddr_storage *ss,
if (o.bo_n < BER_MIN_OID_LEN ||
o.bo_n > BER_MAX_OID_LEN)
goto varfail;
+ if (msg->sm_context == SNMP_T_SETREQ)
+ stats->snmp_intotalsetvars++;
+ else
+ stats->snmp_intotalreqvars++;
log_debug("snmpe_parse: %s: oid %s", host,
smi_oidstring(&o, buf, sizeof(buf)));
break;
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.