authorReyk Floeter <reyk@cvs.openbsd.org>2008-01-03 15:03:48 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2008-01-03 15:03:48 +0000
commit112cf7cff5686997d200548006928fb798d1b4bd (patch)
tree4c2c120b6f56eb8e21be136ea6820c050080d2e2
parent06e06a80feca42c2b02c2a4861b1d2a3904eedb6 (diff)
handle no more than 2147483647 (0x7fffffff) variable bindings
From RFC3416
-rw-r--r--usr.sbin/snmpd/snmpd.h3
-rw-r--r--usr.sbin/snmpd/snmpe.c10
2 files changed, 9 insertions, 4 deletions
diff --git a/usr.sbin/snmpd/snmpd.h b/usr.sbin/snmpd/snmpd.h
index 989653e8091..fc6418536b1 100644
--- a/usr.sbin/snmpd/snmpd.h
+++ b/usr.sbin/snmpd/snmpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: snmpd.h,v 1.9 2008/01/02 20:54:59 maja Exp $ */
+/* $OpenBSD: snmpd.h,v 1.10 2008/01/03 15:03:47 reyk Exp $ */
/*
* Copyright (c) 2007 Reyk Floeter <reyk@vantronix.net>
@@ -39,6 +39,7 @@
#define SNMPD_MAXSTRLEN 484
#define SNMPD_MAXCOMMUNITYLEN SNMPD_MAXSTRLEN
+#define SNMPD_MAXVARBIND 0x7fffffff
#define SNMPD_MAXVARBINDLEN 1210
#define SMALL_READ_BUF_SIZE 1024
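Review bot: The new `SNMPD_MAXVARBIND` define carries no comment saying where 0x7fffffff comes from or what unit it counts, unlike a length limit such as `SNMPD_MAXVARBINDLEN` next to it. I would add `/* max-bindings from RFC 3416: number of varbinds, not bytes */` above it. The value is a protocol ceiling rather than a resource limit; a request of realistic size presumably cannot reach it, so it should not be read as bounding per-request work.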
diff --git a/usr.sbin/snmpd/snmpe.c b/usr.sbin/snmpd/snmpe.c
index 8befbd6e6dc..12048db654d 100644
--- a/usr.sbin/snmpd/snmpe.c
+++ b/usr.sbin/snmpd/snmpe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: snmpe.c,v 1.6 2008/01/03 14:24:15 reyk Exp $ */
+/* $OpenBSD: snmpe.c,v 1.7 2008/01/03 15:03:47 reyk Exp $ */
/*
* Copyright (c) 2007 Reyk Floeter <reyk@vantronix.net>
@@ -501,7 +501,7 @@ snmpe_parse(struct sockaddr_storage *ss,
const char *errstr = "invalid message";
long long ver, req;
unsigned long type, errval, erridx;
- int class, state, i = 0, j = 0;
+ u_int class, state, i = 0, j = 0;
char *comn, buf[BUFSIZ], host[MAXHOSTNAMELEN];
struct ber_oid o;
size_t len;
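Review bot: Only `i` takes part in the new bound check, yet `class`, `state` and `j` are switched to `u_int` along with it. If any of them is later passed by address to a helper that stores through an `int *`, or compared against a negative value, this introduces a signedness mismatch; the rest of snmpe_parse is outside this hunk, so that cannot be confirmed here. Keeping `int class, state;` and declaring `u_int i = 0, j = 0;` on its own line would limit the type change to the counters.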
@@ -614,7 +614,7 @@ snmpe_parse(struct sockaddr_storage *ss,
errstr = "invalid varbind element";
for (i = 1, a = msg->sm_varbind, last = NULL;
- a != NULL; a = next, i++) {
+ a != NULL && i < SNMPD_MAXVARBIND; a = next, i++) {
next = a->be_next;
if (a->be_class != BER_CLASS_UNIVERSAL &&
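Review bot: With `i` starting at 1, the condition `i < SNMPD_MAXVARBIND` stops after 2147483646 bindings, one fewer than the 2147483647 the commit message cites from RFC 3416; `i <= SNMPD_MAXVARBIND` would match the stated limit. The loop also ends the same way whether the list was exhausted or the cap was reached. An over-long list would then be accepted with its tail ignored, unless code after the loop (outside this hunk) checks `a`. Rejecting it explicitly after the loop, for example `if (a != NULL) goto varfail;`, would turn the limit into a reported error instead of a silent truncation.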
@@ -630,6 +630,10 @@ snmpe_parse(struct sockaddr_storage *ss,
if (o.bo_n < BER_MIN_OID_LEN ||
o.bo_n > BER_MAX_OID_LEN)
goto varfail;
+ if (msg->sm_context == SNMP_T_SETREQ)
+ stats->snmp_intotalsetvars++;
+ else
+ stats->snmp_intotalreqvars++;
log_debug("snmpe_parse: %s: oid %s", host,
smi_oidstring(&o, buf, sizeof(buf)));
break;
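Review bot: The `else` branch adds to `snmp_intotalreqvars` for every context other than `SNMP_T_SETREQ`, and both counters are incremented at parse time, before the request has been carried out. If these fields back snmpInTotalReqVars and snmpInTotalSetVars, which count objects successfully retrieved or altered, the values will over-count failed requests and any PDU type that is not a get or get-next. I would test the request contexts explicitly rather than using a bare `else`. If parse-time counting is intended, say so with `/* counted when parsed, not after a successful get/set */`. The enclosing case starts and ends outside this hunk.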