Date: Tue, 14 Jan 2014 19:02:15 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r260638 - stable/10/contrib/bsnmp/lib Message-ID: <201401141902.s0EJ2FPw003736@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Tue Jan 14 19:02:14 2014 New Revision: 260638 URL: http://svnweb.freebsd.org/changeset/base/260638 Log: MFC r260636: Fix bsnmpd remote denial of service vulnerability. Reported by: dinoex Submitted by: harti Security: FreeBSD-SA-14:01.bsnmpd Security: CVE-2014-1452 Modified: stable/10/contrib/bsnmp/lib/snmpagent.c Directory Properties: stable/10/ (props changed) Modified: stable/10/contrib/bsnmp/lib/snmpagent.c ============================================================================== --- stable/10/contrib/bsnmp/lib/snmpagent.c Tue Jan 14 18:59:00 2014 (r260637) +++ stable/10/contrib/bsnmp/lib/snmpagent.c Tue Jan 14 19:02:14 2014 (r260638) @@ -499,6 +499,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struc for (cnt = 0; cnt < pdu->error_index; cnt++) { eomib = 1; for (i = non_rep; i < pdu->nbindings; i++) { + + if (resp->nbindings == SNMP_MAX_BINDINGS) + /* PDU is full */ + goto done; + if (cnt == 0) result = do_getnext(&context, &pdu->bindings[i], &resp->bindings[resp->nbindings], pdu);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201401141902.s0EJ2FPw003736>