Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 495486 Details for
Bug 546792
<net-analyzer/net-snmp-5.8-r1: snmp_pdu_parse() incompletely parsed varBinds left in list of variables
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch extracted from branch 5-7-patches
net-snmp-5.7.3-r7.patch (text/plain), 3.75 KB, created by
Christopher Díaz Riveros (RETIRED)
on 2017-09-20 04:52:28 UTC
(
hide
)
Description:
Patch extracted from branch 5-7-patches
Filename:
MIME Type:
Creator:
Christopher Díaz Riveros (RETIRED)
Created:
2017-09-20 04:52:28 UTC
Size:
3.75 KB
patch
obsolete
>diff --git a/snmplib/snmp_api.c b/snmplib/snmp_api.c >index b269e8139..71a73fcf7 100644 >--- a/snmplib/snmp_api.c >+++ b/snmplib/snmp_api.c >@@ -4296,10 +4296,9 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) > u_char type; > u_char msg_type; > u_char *var_val; >- int badtype = 0; > size_t len; > size_t four; >- netsnmp_variable_list *vp = NULL; >+ netsnmp_variable_list *vp = NULL, *vplast = NULL; > oid objid[MAX_OID_LEN]; > > /* >@@ -4434,38 +4433,24 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) > (ASN_SEQUENCE | ASN_CONSTRUCTOR), > "varbinds"); > if (data == NULL) >- return -1; >+ goto fail; > > /* > * get each varBind sequence > */ > while ((int) *length > 0) { >- netsnmp_variable_list *vptemp; >- vptemp = (netsnmp_variable_list *) malloc(sizeof(*vptemp)); >- if (0 == vptemp) { >- return -1; >- } >- if (0 == vp) { >- pdu->variables = vptemp; >- } else { >- vp->next_variable = vptemp; >- } >- vp = vptemp; >+ vp = SNMP_MALLOC_TYPEDEF(netsnmp_variable_list); >+ if (NULL == vp) >+ goto fail; > >- vp->next_variable = NULL; >- vp->val.string = NULL; > vp->name_length = MAX_OID_LEN; >- vp->name = 0; >- vp->index = 0; >- vp->data = 0; >- vp->dataFreeHook = 0; > DEBUGDUMPSECTION("recv", "VarBind"); > data = snmp_parse_var_op(data, objid, &vp->name_length, &vp->type, > &vp->val_len, &var_val, length); > if (data == NULL) >- return -1; >+ goto fail; > if (snmp_set_var_objid(vp, objid, vp->name_length)) >- return -1; >+ goto fail; > > len = MAX_PACKET_LENGTH; > DEBUGDUMPHEADER("recv", "Value"); >@@ -4530,7 +4515,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) > vp->val.string = (u_char *) malloc(vp->val_len); > } > if (vp->val.string == NULL) { >- return -1; >+ goto fail; > } > asn_parse_string(var_val, &len, &vp->type, vp->val.string, > &vp->val_len); >@@ -4541,7 +4526,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) > vp->val_len *= sizeof(oid); > vp->val.objid = (oid *) malloc(vp->val_len); > if (vp->val.objid == NULL) { >- return -1; >+ goto fail; > } > memmove(vp->val.objid, objid, vp->val_len); > break; >@@ -4553,19 +4538,35 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) > case ASN_BIT_STR: > vp->val.bitstring = (u_char *) malloc(vp->val_len); > if (vp->val.bitstring == NULL) { >- return -1; >+ goto fail; > } > asn_parse_bitstring(var_val, &len, &vp->type, > vp->val.bitstring, &vp->val_len); > break; > default: > snmp_log(LOG_ERR, "bad type returned (%x)\n", vp->type); >- badtype = -1; >+ goto fail; > break; > } > DEBUGINDENTADD(-4); >+ >+ if (NULL == vplast) { >+ pdu->variables = vp; >+ } else { >+ vplast->next_variable = vp; >+ } >+ vplast = vp; >+ vp = NULL; > } >- return badtype; >+ return 0; >+ >+ fail: >+ DEBUGMSGTL(("recv", "error while parsing VarBindList\n")); >+ /** if we were parsing a var, remove it from the pdu and free it */ >+ if (vp) >+ snmp_free_var(vp); >+ >+ return -1; > } > > /*
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=495486">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 546792
: 495486
