'[Net-snmp-patches] [ net-snmp-Official Patches-667694 ] pass/pass_persist missing newline'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       net-snmp-patches
Subject:    [Net-snmp-patches] [ net-snmp-Official Patches-667694 ] pass/pass_persist missing newline
From:       "SourceForge.net" <noreply () sourceforge ! net>
Date:       2003-02-11 15:40:05
[Download RAW message or body]

Official Patches item #667694, was opened at 2003-01-14 03:48
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=456380&aid=667694&group_id=12694

Category: None
Group: None
Status: Open
Priority: 9
Submitted By: Nobody/Anonymous (nobody)
>Assigned to: Wes Hardaker (hardaker)
>Summary: pass/pass_persist missing newline

Initial Comment:
Pass/pass_persist method was not safe in net-snmp-5.0.1
but it worked well:

line 429 of agent/mibgroup/ucd-snmp/pass_persist.c:

            strcat(persistpassthru->command, buf);
            strcat(persistpassthru->command, "\n");

Actual content of buf and thew final \n was appended
without checking any buffer overflow but it worked
in most of cases.

Version 5.0.7 solves the potential buffer overrun
problem but does not work.

line 436:
            strncat(persistpassthru->command, buf,
                    sizeof(persistpassthru->command) -
                    strlen(persistpassthru->command) -
2);
            persistpassthru->command[
sizeof(persistpassthru->command)-2 ] = '\n';
            persistpassthru->command[
sizeof(persistpassthru->command)-1 ] = 0;

The inserted \n has no effect unless
persistpassthru->command filled totally and no \0
inside. In normal cases the last line of command
has no newline and pass_through agent fails.

Pass method suffers from similar problem.

The enclosed patch adds \n to content of buf.

Gabor Kiss
<kissg@sztaki.hu>

----------------------------------------------------------------------

Comment By: Wes Hardaker (hardaker)
Date: 2003-02-11 07:39

Message:
Logged In: YES 
user_id=76242

Applied and moved to official patches, as it's an important 
one. 
 
I missed your name when reading it the first time so the cvs 
changelog won't have your name in it.  Sorry about that. 
 

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=456380&aid=667694&group_id=12694


-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Net-snmp-patches mailing list
Net-snmp-patches@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-patches
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic