summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartijn van Duren <martijn@cvs.openbsd.org>2022-01-19 10:28:14 +0000
committerMartijn van Duren <martijn@cvs.openbsd.org>2022-01-19 10:28:14 +0000
commit1eaa72ea6236347648539210b2605dcd4165086d (patch)
tree0121832b27b91c288ece1bd1ae95458144afb065
parentea5e8df90f1841d57e036ca9960ec6c891ab1ed2 (diff)
Make sure that we ASN1 verify the varbindlist as soon as we unpack it.
OK jmatthew@ tested as part of larger diff by sthen@ and Joel Carnat
-rw-r--r--usr.sbin/snmpd/snmpe.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.sbin/snmpd/snmpe.c b/usr.sbin/snmpd/snmpe.c
index 37772386fb2..e6686dbf36d 100644
--- a/usr.sbin/snmpd/snmpe.c
+++ b/usr.sbin/snmpd/snmpe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: snmpe.c,v 1.79 2022/01/19 10:22:48 martijn Exp $ */
+/* $OpenBSD: snmpe.c,v 1.80 2022/01/19 10:28:13 martijn Exp $ */
/*
* Copyright (c) 2007, 2008, 2012 Reyk Floeter <reyk@openbsd.org>
@@ -426,6 +426,11 @@ badversion:
goto fail;
}
+ for (a = msg->sm_varbind; a != NULL; a = a->be_next) {
+ if (ober_scanf_elements(a, "{oS$}", NULL) == -1)
+ goto parsefail;
+ }
+
msg->sm_request = req;
msg->sm_error = errval;
msg->sm_errorindex = erridx;