diff options
| author | Reyk Floeter <reyk@cvs.openbsd.org> | 2008-01-03 15:03:48 +0000 |
|---|---|---|
| committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2008-01-03 15:03:48 +0000 |
| commit | 112cf7cff5686997d200548006928fb798d1b4bd (patch) | |
| tree | 4c2c120b6f56eb8e21be136ea6820c050080d2e2 /usr.sbin | |
| parent | 06e06a80feca42c2b02c2a4861b1d2a3904eedb6 (diff) | |
handle no more than 2147483647 (0x7fffffff) variable bindings
From RFC3416
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/snmpd/snmpd.h | 3 | ||||
| -rw-r--r-- | usr.sbin/snmpd/snmpe.c | 10 |
2 files changed, 9 insertions, 4 deletions
diff --git a/usr.sbin/snmpd/snmpd.h b/usr.sbin/snmpd/snmpd.h index 989653e8091..fc6418536b1 100644 --- a/usr.sbin/snmpd/snmpd.h +++ b/usr.sbin/snmpd/snmpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: snmpd.h,v 1.9 2008/01/02 20:54:59 maja Exp $ */ +/* $OpenBSD: snmpd.h,v 1.10 2008/01/03 15:03:47 reyk Exp $ */ /* * Copyright (c) 2007 Reyk Floeter <reyk@vantronix.net> @@ -39,6 +39,7 @@ #define SNMPD_MAXSTRLEN 484 #define SNMPD_MAXCOMMUNITYLEN SNMPD_MAXSTRLEN +#define SNMPD_MAXVARBIND 0x7fffffff #define SNMPD_MAXVARBINDLEN 1210 #define SMALL_READ_BUF_SIZE 1024 diff --git a/usr.sbin/snmpd/snmpe.c b/usr.sbin/snmpd/snmpe.c index 8befbd6e6dc..12048db654d 100644 --- a/usr.sbin/snmpd/snmpe.c +++ b/usr.sbin/snmpd/snmpe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: snmpe.c,v 1.6 2008/01/03 14:24:15 reyk Exp $ */ +/* $OpenBSD: snmpe.c,v 1.7 2008/01/03 15:03:47 reyk Exp $ */ /* * Copyright (c) 2007 Reyk Floeter <reyk@vantronix.net> @@ -501,7 +501,7 @@ snmpe_parse(struct sockaddr_storage *ss, const char *errstr = "invalid message"; long long ver, req; unsigned long type, errval, erridx; - int class, state, i = 0, j = 0; + u_int class, state, i = 0, j = 0; char *comn, buf[BUFSIZ], host[MAXHOSTNAMELEN]; struct ber_oid o; size_t len; @@ -614,7 +614,7 @@ snmpe_parse(struct sockaddr_storage *ss, errstr = "invalid varbind element"; for (i = 1, a = msg->sm_varbind, last = NULL; - a != NULL; a = next, i++) { + a != NULL && i < SNMPD_MAXVARBIND; a = next, i++) { next = a->be_next; if (a->be_class != BER_CLASS_UNIVERSAL && @@ -630,6 +630,10 @@ snmpe_parse(struct sockaddr_storage *ss, if (o.bo_n < BER_MIN_OID_LEN || o.bo_n > BER_MAX_OID_LEN) goto varfail; + if (msg->sm_context == SNMP_T_SETREQ) + stats->snmp_intotalsetvars++; + else + stats->snmp_intotalreqvars++; log_debug("snmpe_parse: %s: oid %s", host, smi_oidstring(&o, buf, sizeof(buf))); break; |