Date: Tue, 14 Jan 2014 19:10:38 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r260640 - releng/10.0/contrib/bsnmp/lib Message-ID: <201401141910.s0EJAcDg006712@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Tue Jan 14 19:10:38 2014 New Revision: 260640 URL: http://svnweb.freebsd.org/changeset/base/260640 Log: MFS r260638 (MFC r260636): Fix bsnmpd remote denial of service vulnerability. Reported by: dinoex Submitted by: harti Security: FreeBSD-SA-14:01.bsnmpd Security: CVE-2014-1452 Approved by: re (gjb) Modified: releng/10.0/contrib/bsnmp/lib/snmpagent.c Directory Properties: releng/10.0/ (props changed) Modified: releng/10.0/contrib/bsnmp/lib/snmpagent.c ============================================================================== --- releng/10.0/contrib/bsnmp/lib/snmpagent.c Tue Jan 14 19:04:33 2014 (r260639) +++ releng/10.0/contrib/bsnmp/lib/snmpagent.c Tue Jan 14 19:10:38 2014 (r260640) @@ -499,6 +499,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struc for (cnt = 0; cnt < pdu->error_index; cnt++) { eomib = 1; for (i = non_rep; i < pdu->nbindings; i++) { + + if (resp->nbindings == SNMP_MAX_BINDINGS) + /* PDU is full */ + goto done; + if (cnt == 0) result = do_getnext(&context, &pdu->bindings[i], &resp->bindings[resp->nbindings], pdu);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201401141910.s0EJAcDg006712>