Date:      Tue, 14 Jan 2014 18:58:58 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r260636 - head/contrib/bsnmp/lib
Message-ID:  <201401141858.s0EIwwGK000333@svn.freebsd.org>

Author: delphij
Date: Tue Jan 14 18:58:57 2014
New Revision: 260636
URL: http://svnweb.freebsd.org/changeset/base/260636

Log:
  Fix bsnmpd remote denial of service vulnerability.
  
  Reported by:	dinoex
  Submitted by:	harti
  Security:	FreeBSD-SA-14:01.bsnmpd
  Security:	CVE-2014-1452

Modified:
  head/contrib/bsnmp/lib/snmpagent.c

Modified: head/contrib/bsnmp/lib/snmpagent.c
==============================================================================
--- head/contrib/bsnmp/lib/snmpagent.c	Tue Jan 14 18:45:32 2014	(r260635)
+++ head/contrib/bsnmp/lib/snmpagent.c	Tue Jan 14 18:58:57 2014	(r260636)
@@ -510,6 +510,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struc
 	for (cnt = 0; cnt < pdu->error_index; cnt++) {
 		eomib = 1;
 		for (i = non_rep; i < pdu->nbindings; i++) {
+
+			if (resp->nbindings == SNMP_MAX_BINDINGS)
+				/* PDU is full */
+				goto done;
+
 			if (cnt == 0) 
 				result = do_getnext(&context, &pdu->bindings[i],
 				    &resp->bindings[resp->nbindings], pdu);
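
Review bot: the new bound check at the top of the inner `for (i = non_rep; ...)` loop compares with `==`, so it protects the `&resp->bindings[resp->nbindings]` write only if `resp->nbindings` can never already exceed `SNMP_MAX_BINDINGS` when the loop is entered; `>=` costs nothing and fails safe. The hunk does not show whether bindings added to `resp` before this loop (the loop starts at `non_rep`, so earlier entries are handled elsewhere) are bounded the same way, which is worth confirming since both `pdu->error_index` and `pdu->nbindings` drive the iteration count. On style, the `if` body should be braced because a comment sits between the condition and `goto done;`, and the blank line directly after the `for` opening is stray. The log message would also be more useful if it named the cause (the response binding array filling up during getbulk) rather than only the impact.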


