Date: Wed, 10 Feb 2021 03:38:49 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 253393] net-mgmt/net-snmp: After upgrading net-snmp-5.7.3_20.1 to net-snmp-5.9_1.1, some snmp responses are not decoded correctly and discarded.
Message-ID: <bug-253393-7788@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253393

Bug ID: 253393
Summary: net-mgmt/net-snmp: After upgrading net-snmp-5.7.3_20.1 to net-snmp-5.9_1.1, some snmp responses are not decoded correctly and discarded.
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: zi@FreeBSD.org
Reporter: a.mitrohin@zs.ttk.ru
Flags: maintainer-feedback?(zi@FreeBSD.org)

Created attachment 222314
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=222314&action=edit
fix incorrect length comparison

An example snmp response that cannot be decoded and is silently discarded.

02:19:20.771922 IP (tos 0x0, ttl 29, id 43952, offset 0, flags [none], proto UDP (17), length 63)
    10.22.16.2.161 > 10.7.22.69.54275: [udp sum ok] { SNMPv2c { GetResponse(16) R=1248693045 tooBig[errorIndex==0] } }
        0x0000:  001c c05d ea0f 001d 719b c280 0800 4500
        0x0010:  003f abb0 0000 1d11 b79a 0a16 1002 0a07
        0x0020:  1645 00a1 d403 002b b2fe 3082 001f 0201
        0x0030:  0104 0670 7562 6c69 63a2 8200 1002 044a
        0x0040:  6d8b 3502 0101 0201 0030 8200 00

As a result, my program does not see the "tooBig" error, and does not repeat the request with a reduced "max_repetitions" value.
Ultimately, the request ends up with an SNMPERR_TIMEOUT error.

A patch that fixes this:

--- snmplib/asn1.c.orig 2020-08-15 04:41:47.000000000 +0700 +++ snmplib/asn1.c 2021-02-10 02:51:55.625498000 +0700 @@ -348,7 +348,7 @@ * long length; first byte is length of length (after masking high bit) */ len_len =3D (int) ((*pkt & ~0x80) + 1); - if ((int) pkt_len <=3D len_len ) + if ((int) pkt_len < len_len ) return NULL; /* still too short for length and data = */ /* now we know we have enough data to parse length */

--
You are receiving this mail because:
You are the assignee for the bug.
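Review bot: The comment kept beside the changed test, "still too short for length and data", no longer describes what `if ((int) pkt_len < len_len )` guarantees. After the change the test only ensures that the len_len length octets themselves are present, which is what allows a long-form length of zero at the very end of a packet to pass. Suggest rewording the comment to say that the buffer is too short for the length octets, and confirming that the code following this hunk, which is not visible here, still bounds the decoded length against pkt_len before any content is read. The `(int)` cast on pkt_len is also worth replacing with a comparison in pkt_len's own type, so that a large value cannot become negative if that type is unsigned and wider than int. A regression test built from the attached response, which ends in 30 82 00 00, would pin this boundary case.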
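The boundary case in the captured response above, as an added example that is not net-snmp code and not part of the original report: the SNMP payload from the hex dump is walked TLV by TLV with a simplified length parser whose comparison can be switched between `<=` and `<`. The names `parse_len` and `walk` are hypothetical, and it is assumed that `pkt_len` counts the bytes remaining from the first length octet.

```c
#include <stddef.h>
#include <stdio.h>

/* UDP payload copied from the hex dump in the report (offset 0x2a onward). */
static const unsigned char RESPONSE[] = {
    0x30, 0x82, 0x00, 0x1f, 0x02, 0x01, 0x01,  /* SEQUENCE len 31; version */
    0x04, 0x06, 'p', 'u', 'b', 'l', 'i', 'c',  /* community */
    0xa2, 0x82, 0x00, 0x10,                    /* GetResponse, long-form len 16 */
    0x02, 0x04, 0x4a, 0x6d, 0x8b, 0x35,        /* request-id 1248693045 */
    0x02, 0x01, 0x01, 0x02, 0x01, 0x00,        /* error-status 1, error-index 0 */
    0x30, 0x82, 0x00, 0x00                     /* varbind list, long-form len 0 */
};

/* Hypothetical helper: pkt points at the first length octet, pkt_len bytes
 * remain from there (assumption). Returns the size of the length field, or 0
 * if rejected. inclusive != 0 uses "<=", otherwise "<". */
static size_t parse_len(const unsigned char *pkt, size_t pkt_len,
                        unsigned long *data_len, int inclusive)
{
    size_t len_len = 1, i;
    if (pkt_len < 1) return 0;
    *data_len = *pkt;                              /* short form */
    if (*pkt & 0x80) {                             /* long form */
        len_len = (size_t)(*pkt & ~0x80) + 1;
        if (inclusive ? pkt_len <= len_len : pkt_len < len_len) return 0;
        if (len_len == 1 || len_len - 1 > sizeof *data_len) return 0;
        for (*data_len = 0, i = 1; i < len_len; i++)
            *data_len = (*data_len << 8) | pkt[i];
    }
    if (*data_len > pkt_len - len_len) return 0;   /* content must fit too */
    return len_len;
}

/* Flat walk over all TLVs: number decoded, or -1 on a rejected length. */
static int walk(const unsigned char *p, size_t n, int inclusive)
{
    int count = 0;
    while (n > 0) {
        unsigned long dl;
        unsigned char tag = *p;
        size_t ll = parse_len(p + 1, n - 1, &dl, inclusive);
        if (ll == 0) return -1;
        count++;
        p += 1 + ll; n -= 1 + ll;
        if (!(tag & 0x20)) { p += dl; n -= dl; }   /* primitive: skip content */
    }
    return count;
}

int main(void)
{
    printf("<=: %d  <: %d\n", walk(RESPONSE, sizeof RESPONSE, 1),
           walk(RESPONSE, sizeof RESPONSE, 0));
    return 0;
}
```

With `<=` the walk stops at the final `30 82 00 00`, where exactly three bytes remain for a three-octet length field; with `<` all eight TLVs decode, and a buffer one byte shorter is still rejected.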