Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 14 Jan 2014 19:17:21 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject:   svn commit: r260642 - in stable: 8/contrib/bsnmp/lib 9/contrib/bsnmp/lib
Message-ID:  <201401141917.s0EJHLrV008669@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: delphij
Date: Tue Jan 14 19:17:20 2014
New Revision: 260642
URL: http://svnweb.freebsd.org/changeset/base/260642

Log:
  MFC r260636:
  
  Fix bsnmpd remote denial of service vulnerability.
  
  Reported by:	dinoex
  Submitted by:	harti
  Security:	FreeBSD-SA-14:01.bsnmpd
  Security:	CVE-2014-1452

Modified:
  stable/9/contrib/bsnmp/lib/snmpagent.c
Directory Properties:
  stable/9/contrib/bsnmp/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/8/contrib/bsnmp/lib/snmpagent.c
Directory Properties:
  stable/8/contrib/bsnmp/   (props changed)

Modified: stable/9/contrib/bsnmp/lib/snmpagent.c
==============================================================================
--- stable/9/contrib/bsnmp/lib/snmpagent.c	Tue Jan 14 19:12:40 2014	(r260641)
+++ stable/9/contrib/bsnmp/lib/snmpagent.c	Tue Jan 14 19:17:20 2014	(r260642)
@@ -499,6 +499,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struc
 	for (cnt = 0; cnt < pdu->error_index; cnt++) {
 		eomib = 1;
 		for (i = non_rep; i < pdu->nbindings; i++) {
+
+			if (resp->nbindings == SNMP_MAX_BINDINGS)
+				/* PDU is full */
+				goto done;
+
 			if (cnt == 0) 
 				result = do_getnext(&context, &pdu->bindings[i],
 				    &resp->bindings[resp->nbindings], pdu);



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201401141917.s0EJHLrV008669>