author | martijn <martijn@openbsd.org> | 2019-05-13 07:24:50 +0000 |
---|---|---|
committer | martijn <martijn@openbsd.org> | 2019-05-13 07:24:50 +0000 |
commit | 4257fb28657fe1f4dc64a6dbe27584aa3060ed2f (patch) | |
tree | 935b586669197610925309a6a8e3ee6b97780777 /usr.sbin/snmpd | |
parent | Mention introduction of *_conceal. (diff) | |
According to RFC3414 section 4 applications should be able to discover the
snmpEngineID by sending a noAuthNoPriv request. Move the seclevel check to
after the usm_decode phase, so we can reply with the mandatory
usmStatsUnknownEngineIDs instead of usmStatsUnsupportedSecLevels.
This brings us one step closer to using p5-Net-SNMP with seclevel enc.
OK tb@, rob@
Diffstat (limited to 'usr.sbin/snmpd')
-rw-r--r-- | usr.sbin/snmpd/snmpe.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/usr.sbin/snmpd/snmpe.c b/usr.sbin/snmpd/snmpe.c index e39fd0bc7b0..8bb063667c1 100644 --- a/usr.sbin/snmpd/snmpe.c +++ b/usr.sbin/snmpd/snmpe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: snmpe.c,v 1.57 2019/04/29 16:04:05 rob Exp $ */ +/* $OpenBSD: snmpe.c,v 1.58 2019/05/13 07:24:50 martijn Exp $ */ /* * Copyright (c) 2007, 2008, 2012 Reyk Floeter <reyk@openbsd.org> @@ -254,6 +254,9 @@ snmpe_parse(struct snmp_message *msg) goto parsefail; msg->sm_flags = *flagstr; + if ((a = usm_decode(msg, a, &msg->sm_errstr)) == NULL) + goto parsefail; + if (MSG_SECLEVEL(msg) < env->sc_min_seclevel || msg->sm_secmodel != SNMP_SEC_USM) { /* XXX currently only USM supported */ @@ -263,9 +266,6 @@ snmpe_parse(struct snmp_message *msg) goto parsefail; } - if ((a = usm_decode(msg, a, &msg->sm_errstr)) == NULL) - goto parsefail; - if (ber_scanf_elements(a, "{xxe", &msg->sm_ctxengineid, &msg->sm_ctxengineid_len, &ctxname, &len, &msg->sm_pdu) != 0) |
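Review bot: in the @@ -254 hunk, usm_decode() now runs before the msg->sm_secmodel != SNMP_SEC_USM test, so USM security parameters are parsed for messages whose security model has not yet been confirmed as USM. Only the MSG_SECLEVEL(msg) < env->sc_min_seclevel comparison has to be deferred for the noAuthNoPriv discovery case described in the commit message; consider keeping the sm_secmodel test ahead of usm_decode() by splitting the condition, and add a short comment citing RFC3414 section 4 so the ordering is not reverted in a later cleanup.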
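Review bot: in the @@ -263 hunk, removing usm_decode() from below the check means the seclevel rejection's goto parsefail is now reached only after usm_decode() has already processed msg and had the chance to write msg->sm_errstr. Please confirm that a request which decodes cleanly but falls below env->sc_min_seclevel still ends up with the error that block sets, and that nothing usm_decode() attached to msg is left for parsefail to mishandle; a regression test sending a below-minimum request with a known engine ID would cover it.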