If read-write is set to disabled, also disable reading with the private

community. Issue reported by Steven Surdock ssurdock <at> engineered-net <dot> com OK deraadt@ claudio@ sthen@
author: martijn <martijn@openbsd.org> 2020-05-02 14:22:31 +0000
committer: martijn <martijn@openbsd.org> 2020-05-02 14:22:31 +0000
commit: 683fa785bcefcba5f123f7aa35bbb125ffb459b5 (patch)
tree: d8113190c0db5f8dc0d48761bc307401c678d164 /usr.sbin/snmpd
parent: Cleanup the output functions a bit. show_neighbor_full() should print some (diff)
download: wireguard-openbsd-683fa785bcefcba5f123f7aa35bbb125ffb459b5.tar.xz
wireguard-openbsd-683fa785bcefcba5f123f7aa35bbb125ffb459b5.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/usr.sbin/snmpd/snmpe.c b/usr.sbin/snmpd/snmpe.c
index 375014c76b5..a4104924008 100644
--- a/usr.sbin/snmpd/snmpe.c
+++ b/usr.sbin/snmpd/snmpe.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: snmpe.c,v 1.61 2020/02/14 15:08:46 martijn Exp $	*/
+/*	$OpenBSD: snmpe.c,v 1.62 2020/05/02 14:22:31 martijn Exp $	*/
 
 /*
  * Copyright (c) 2007, 2008, 2012 Reyk Floeter <reyk@openbsd.org>
@@ -309,7 +309,8 @@ snmpe_parse(struct snmp_message *msg)
 			stats->snmp_ingetnexts++;
 		if (msg->sm_version != SNMP_V3 &&
 		    strcmp(env->sc_rdcommunity, msg->sm_community) != 0 &&
-		    strcmp(env->sc_rwcommunity, msg->sm_community) != 0) {
+		    (env->sc_readonly ||
+		    strcmp(env->sc_rwcommunity, msg->sm_community) != 0)) {
 			stats->snmp_inbadcommunitynames++;
 			msg->sm_errstr = "wrong read community";
 			goto fail;
@@ -320,7 +321,8 @@ snmpe_parse(struct snmp_message *msg)
 	case SNMP_C_SETREQ:
 		stats->snmp_insetrequests++;
 		if (msg->sm_version != SNMP_V3 &&
-		    strcmp(env->sc_rwcommunity, msg->sm_community) != 0) {
+		    (env->sc_readonly ||
+		    strcmp(env->sc_rwcommunity, msg->sm_community) != 0)) {
 			if (strcmp(env->sc_rdcommunity, msg->sm_community) != 0)
 				stats->snmp_inbadcommunitynames++;
 			else
author	martijn <martijn@openbsd.org>	2020-05-02 14:22:31 +0000
committer	martijn <martijn@openbsd.org>	2020-05-02 14:22:31 +0000
commit	683fa785bcefcba5f123f7aa35bbb125ffb459b5 (patch)
tree	d8113190c0db5f8dc0d48761bc307401c678d164 /usr.sbin/snmpd
parent	Cleanup the output functions a bit. show_neighbor_full() should print some (diff)
download	wireguard-openbsd-683fa785bcefcba5f123f7aa35bbb125ffb459b5.tar.xz wireguard-openbsd-683fa785bcefcba5f123f7aa35bbb125ffb459b5.zip