diff options
| author | Martijn van Duren <martijn@cvs.openbsd.org> | 2022-01-19 10:28:14 +0000 |
|---|---|---|
| committer | Martijn van Duren <martijn@cvs.openbsd.org> | 2022-01-19 10:28:14 +0000 |
| commit | 1eaa72ea6236347648539210b2605dcd4165086d (patch) | |
| tree | 0121832b27b91c288ece1bd1ae95458144afb065 /usr.sbin/snmpd/snmpe.c | |
| parent | ea5e8df90f1841d57e036ca9960ec6c891ab1ed2 (diff) | |
Make sure that we ASN1 verify the varbindlist as soon as we unpack it.
OK jmatthew@
tested as part of larger diff by sthen@ and Joel Carnat
Diffstat (limited to 'usr.sbin/snmpd/snmpe.c')
| -rw-r--r-- | usr.sbin/snmpd/snmpe.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.sbin/snmpd/snmpe.c b/usr.sbin/snmpd/snmpe.c index 37772386fb2..e6686dbf36d 100644 --- a/usr.sbin/snmpd/snmpe.c +++ b/usr.sbin/snmpd/snmpe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: snmpe.c,v 1.79 2022/01/19 10:22:48 martijn Exp $ */ +/* $OpenBSD: snmpe.c,v 1.80 2022/01/19 10:28:13 martijn Exp $ */ /* * Copyright (c) 2007, 2008, 2012 Reyk Floeter <reyk@openbsd.org> @@ -426,6 +426,11 @@ badversion: goto fail; } + for (a = msg->sm_varbind; a != NULL; a = a->be_next) { + if (ober_scanf_elements(a, "{oS$}", NULL) == -1) + goto parsefail; + } + msg->sm_request = req; msg->sm_error = errval; msg->sm_errorindex = erridx; |