diff options
author | Claudio Jeker <claudio@cvs.openbsd.org> | 2008-03-12 13:09:13 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2008-03-12 13:09:13 +0000 |
commit | 5a22b0c27bb2da700052d29a6d75a2a7afb2e196 (patch) | |
tree | 42b6707349a43c2806bd54dce953f2457f8477ab /usr.sbin | |
parent | b81605e61f4c497564d9c25b9057117aa3105fed (diff) |
SNMP has a restricted BER encoding especially all encodings use the
definite-length from. So bail out with an error if this is not the case.
OK cloder@, reyk@
cvs: ----------------------------------------------------------------------
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/snmpd/ber.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/usr.sbin/snmpd/ber.c b/usr.sbin/snmpd/ber.c index 0b96000f936..5610154024d 100644 --- a/usr.sbin/snmpd/ber.c +++ b/usr.sbin/snmpd/ber.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ber.c,v 1.7 2008/03/12 13:06:09 claudio Exp $ */ +/* $OpenBSD: ber.c,v 1.8 2008/03/12 13:09:12 claudio Exp $ */ /* * Copyright (c) 2007 Reyk Floeter <reyk@vantronix.net> @@ -940,8 +940,7 @@ get_id(struct ber *b, unsigned long *tag, int *class, int *cstruct) } /* - * extract length of a ber object -- if length is unknown a length of -1 is - * returned. + * extract length of a ber object -- if length is unknown an error is returned. */ static ssize_t get_len(struct ber *b, ssize_t *len) @@ -976,8 +975,11 @@ get_len(struct ber *b, ssize_t *len) return -1; } - if (s == 0) - s = -1; + if (s == 0) { + /* invalid encoding */ + errno = EINVAL; + return -1; + } *len = s; return r; |