
List:       net-snmp-bugs
Subject:    [ net-snmp-Bugs-1826174 ] snmp_get limits ASN1 OCTETSTRING length
From:       "SourceForge.net" <noreply () sourceforge ! net>
Date:       2007-11-19 10:30:21
Message-ID: E1Iu3tV-0008FL-Do () sc8-sf-web21 ! sourceforge ! net

Bugs item #1826174, was opened at 2007-11-05 17:26
Message generated for change (Comment added) made by john_kortink_mb
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=112694&aid=1826174&group_id=12694

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: perl
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: John Kortink (mBalance) (john_kortink_mb)
Assigned to: Nobody/Anonymous (nobody)
Summary: snmp_get limits ASN1 OCTETSTRING length

Initial Comment:
Location : perl/SNMP/SNMP.xs.

snmp_get crashes on AVPs with (e.g.) an OCTETSTRING bigger than roughly 4096 (5.4.1,
5.2.4) or 2048 (5.1.4) bytes, which is a highly arbitrary limitation, looking at the
source code and how the buffer size is determined. It should handle at least up to 64
K, really (max. UDP packet payload size), or malloc() properly.


John Kortink


----------------------------------------------------------------------

> Comment By: John Kortink (mBalance) (john_kortink_mb)
Date: 2007-11-19 11:30

Message:
Logged In: YES 
user_id=1682342
Originator: YES

E.g. for 5.2.4, perl/SNMP/SNMP.xs line 3339.

Although __snprint_value is passed the buffer's size, for some reason it
then disregards it by blindly memcpy-ing an ASN_OCTET_STR into it : kaboom.
It seems rather pointless to copy the value into an intermediate buffer
anyway, since it's copied verbatim.

It's in all versions, including 5.4.1.


----------------------------------------------------------------------

Comment By: Dave Shield (dts12)
Date: 2007-11-16 22:21

Message:
Logged In: YES 
user_id=88893
Originator: NO

Could you possibly pinpoint exactly where this limit
is applied in the perl code?  I've had a quick look
at the code, and can't immediately see where the value
is handled.
  I'm sure we could find it eventually, but if you
can point us in the right direction, this problem is
more likely to get addressed relatively promptly.

----------------------------------------------------------------------
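
The failure mode described in the 2007-11-19 comment above, as an added illustration that is not taken from perl/SNMP/SNMP.xs: a formatter that is handed the buffer size but copies without consulting it, next to a bounded copy and a copy-free alternative. All function names and the buffer and value sizes are assumptions made for this sketch.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helpers for illustration; none of this is Net-SNMP code. */

/* Pattern from the report: buf_len is passed in but never consulted. */
size_t copy_octets_unchecked(unsigned char *buf, size_t buf_len,
                             const unsigned char *val, size_t val_len)
{
    (void)buf_len;
    memcpy(buf, val, val_len);  /* overruns buf whenever val_len > buf_len */
    return val_len;
}

/* Bounded copy: returns 0 and sets *out_len, or -1 if the value does not fit. */
int copy_octets_checked(unsigned char *buf, size_t buf_len,
                        const unsigned char *val, size_t val_len,
                        size_t *out_len)
{
    *out_len = 0;
    if (val_len > buf_len)
        return -1;              /* caller must grow the buffer or report an error */
    memcpy(buf, val, val_len);
    *out_len = val_len;
    return 0;
}

/* Copy-free alternative: an octet string is passed on verbatim, so a
 * pointer/length pair avoids the fixed intermediate buffer entirely. */
struct octet_view { const unsigned char *ptr; size_t len; };

struct octet_view view_octets(const unsigned char *val, size_t val_len)
{
    struct octet_view v = { val, val_len };
    return v;
}

int main(void)
{
    static unsigned char buf[4096];   /* constructed: fixed buffer size */
    static unsigned char val[5000];   /* constructed: oversized OCTET STRING */
    size_t n;

    memset(val, 0x41, sizeof val);
    /* The checked copy rejects the oversized value instead of overflowing. */
    return copy_octets_checked(buf, sizeof buf, val, sizeof val, &n) == -1 ? 0 : 1;
}
```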
