Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 10 Feb 2021 03:38:49 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 253393] net-mgmt/net-snmp: After upgrading net-snmp-5.7.3_20.1 to net-snmp-5.9_1.1, some snmp responses are not decoded correctly and discarded.
Message-ID:  <bug-253393-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D253393

            Bug ID: 253393
           Summary: net-mgmt/net-snmp: After upgrading net-snmp-5.7.3_20.1
                    to net-snmp-5.9_1.1, some snmp responses are not
                    decoded correctly and discarded.
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: zi@FreeBSD.org
          Reporter: a.mitrohin@zs.ttk.ru
             Flags: maintainer-feedback?(zi@FreeBSD.org)
          Assignee: zi@FreeBSD.org

Created attachment 222314
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D222314&action=
=3Dedit
fix incorrect length comparison

An example snmp response that cannot be decoded and is silently discarded.=
=20

02:19:20.771922 IP (tos 0x0, ttl 29, id 43952, offset 0, flags [none], proto
UDP (17), length 63)
    10.22.16.2.161 > 10.7.22.69.54275: [udp sum ok]  { SNMPv2c {
GetResponse(16) R=3D1248693045  tooBig[errorIndex=3D=3D0] } }
        0x0000:  001c c05d ea0f 001d 719b c280 0800 4500
        0x0010:  003f abb0 0000 1d11 b79a 0a16 1002 0a07
        0x0020:  1645 00a1 d403 002b b2fe 3082 001f 0201
        0x0030:  0104 0670 7562 6c69 63a2 8200 1002 044a
        0x0040:  6d8b 3502 0101 0201 0030 8200 00

As a result, my program does not see the "tooBig" error, and does not repeat
the request with a reduced "max_repetitions" value.=20

Ultimately, the request ends up with an SNMPERR_TIMEOUT error.


A patch that fixes this:=20

--- snmplib/asn1.c.orig 2020-08-15 04:41:47.000000000 +0700
+++ snmplib/asn1.c      2021-02-10 02:51:55.625498000 +0700
@@ -348,7 +348,7 @@
          * long length; first byte is length of length (after masking high
bit)
          */
         len_len =3D (int) ((*pkt & ~0x80) + 1);
-        if ((int) pkt_len <=3D len_len )
+        if ((int) pkt_len < len_len )
             return NULL;           /* still too short for length and data =
*/

         /* now we know we have enough data to parse length */

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-253393-7788>