|
|
abc426 |
From 92f0fe9e0dc3cf7ab6e8cc94d7962df83d0ddbec Mon Sep 17 00:00:00 2001
|
|
|
abc426 |
From: Bart Van Assche <bvanassche@acm.org>
|
|
|
abc426 |
Date: Mon, 4 Jan 2021 12:21:59 -0800
|
|
|
abc426 |
Subject: [PATCH] libsnmp: Fix asn_parse_nlength()
|
|
|
abc426 |
|
|
|
abc426 |
Handle length zero correctly.
|
|
|
abc426 |
|
|
|
abc426 |
Fixes: https://github.com/net-snmp/net-snmp/issues/253
|
|
|
abc426 |
Fixes: a9850f4445cf ("asn parse: add NULL checks, check length lengths")
|
|
|
abc426 |
---
|
|
|
abc426 |
snmplib/asn1.c | 2 +-
|
|
|
abc426 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
abc426 |
|
|
|
abc426 |
diff --git a/snmplib/asn1.c b/snmplib/asn1.c
|
|
|
abc426 |
index e983500e7..33c272768 100644
|
|
|
abc426 |
--- a/snmplib/asn1.c
|
|
|
abc426 |
+++ b/snmplib/asn1.c
|
|
|
abc426 |
@@ -345,7 +345,7 @@ asn_parse_nlength(u_char *pkt, size_t pkt_len, u_long *data_len)
|
|
|
abc426 |
* long length; first byte is length of length (after masking high bit)
|
|
|
abc426 |
*/
|
|
|
abc426 |
len_len = (int) ((*pkt & ~0x80) + 1);
|
|
|
abc426 |
- if ((int) pkt_len <= len_len )
|
|
|
abc426 |
+ if (pkt_len < len_len)
|
|
|
abc426 |
return NULL; /* still too short for length and data */
|
|
|
abc426 |
|
|
|
abc426 |
/* now we know we have enough data to parse length */
|
|
|
abc426 |
From baef04f9c6fe0eb3ac74dd4d26a19264eeaf7fa1 Mon Sep 17 00:00:00 2001
|
|
|
abc426 |
From: Bart Van Assche <bvanassche@acm.org>
|
|
|
abc426 |
Date: Mon, 4 Jan 2021 10:00:33 -0800
|
|
|
abc426 |
Subject: [PATCH] testing/fulltests/unit-tests/T105trap_parse_clib: Add this
|
|
|
abc426 |
test
|
|
|
abc426 |
|
|
|
abc426 |
Add a reproducer for the bug fixed by the previous patch.
|
|
|
abc426 |
---
|
|
|
abc426 |
.../unit-tests/T105trap_parse_clib.c | 41 +++++++++++++++++++
|
|
|
abc426 |
1 file changed, 41 insertions(+)
|
|
|
abc426 |
create mode 100644 testing/fulltests/unit-tests/T105trap_parse_clib.c
|
|
|
abc426 |
|
|
|
abc426 |
diff --git a/testing/fulltests/unit-tests/T105trap_parse_clib.c b/testing/fulltests/unit-tests/T105trap_parse_clib.c
|
|
|
abc426 |
new file mode 100644
|
|
|
abc426 |
index 000000000..5c21ccdc7
|
|
|
abc426 |
--- /dev/null
|
|
|
abc426 |
+++ b/testing/fulltests/unit-tests/T105trap_parse_clib.c
|
|
|
abc426 |
@@ -0,0 +1,41 @@
|
|
|
abc426 |
+/* HEADER Parsing of an SNMP trap with no varbinds */
|
|
|
abc426 |
+netsnmp_pdu pdu;
|
|
|
abc426 |
+int rc;
|
|
|
abc426 |
+static u_char trap_pdu[] = {
|
|
|
abc426 |
+ /* Sequence with length of 0x2d = 45 bytes. */
|
|
|
abc426 |
+ [ 0] = 0x30, [ 1] = 0x82, [ 2] = 0x00, [ 3] = 0x2d,
|
|
|
abc426 |
+ /* version = INTEGER 0 */
|
|
|
abc426 |
+ [ 4] = 0x02, [ 5] = 0x01, [ 6] = 0x00,
|
|
|
abc426 |
+ /* community = public (OCTET STRING 0x70 0x75 0x62 0x6c 0x69 0x63) */
|
|
|
abc426 |
+ [ 7] = 0x04, [ 8] = 0x06, [ 9] = 0x70, [10] = 0x75,
|
|
|
abc426 |
+ [11] = 0x62, [12] = 0x6c, [13] = 0x69, [14] = 0x63,
|
|
|
abc426 |
+ /* SNMP_MSG_TRAP; 32 bytes. */
|
|
|
abc426 |
+ [15] = 0xa4, [16] = 0x20,
|
|
|
abc426 |
+ /* enterprise = OBJECT IDENTIFIER .1.3.6.1.6.3.1.1.5 = snmpTraps */
|
|
|
abc426 |
+ [17] = 0x06, [18] = 0x08,
|
|
|
abc426 |
+ [19] = 0x2b, [20] = 0x06, [21] = 0x01, [22] = 0x06,
|
|
|
abc426 |
+ [23] = 0x03, [24] = 0x01, [25] = 0x01, [26] = 0x05,
|
|
|
abc426 |
+ /* agent-addr = ASN_IPADDRESS 192.168.1.34 */
|
|
|
abc426 |
+ [27] = 0x40, [28] = 0x04, [29] = 0xc0, [30] = 0xa8,
|
|
|
abc426 |
+ [31] = 0x01, [32] = 0x22,
|
|
|
abc426 |
+ /* generic-trap = INTEGER 0 */
|
|
|
abc426 |
+ [33] = 0x02, [34] = 0x01, [35] = 0x00,
|
|
|
abc426 |
+ /* specific-trap = INTEGER 0 */
|
|
|
abc426 |
+ [36] = 0x02, [37] = 0x01, [38] = 0x00,
|
|
|
abc426 |
+ /* ASN_TIMETICKS 0x117f243a */
|
|
|
abc426 |
+ [39] = 0x43, [40] = 0x04, [41] = 0x11, [42] = 0x7f,
|
|
|
abc426 |
+ [43] = 0x24, [44] = 0x3a,
|
|
|
abc426 |
+ /* varbind list */
|
|
|
abc426 |
+ [45] = 0x30, [46] = 0x82, [47] = 0x00, [48] = 0x00,
|
|
|
abc426 |
+};
|
|
|
abc426 |
+static size_t trap_pdu_length = sizeof(trap_pdu);
|
|
|
abc426 |
+netsnmp_session session;
|
|
|
abc426 |
+
|
|
|
abc426 |
+snmp_set_do_debugging(TRUE);
|
|
|
abc426 |
+debug_register_tokens("dumpv_recv,dumpv_send,asn,recv");
|
|
|
abc426 |
+memset(&session, 0, sizeof(session));
|
|
|
abc426 |
+snmp_sess_init(&session);
|
|
|
abc426 |
+memset(&pdu, 0, sizeof(pdu));
|
|
|
abc426 |
+rc = snmp_parse(NULL, &session, &pdu, trap_pdu, trap_pdu_length);
|
|
|
abc426 |
+
|
|
|
abc426 |
+OKF((rc == 0), ("Parsing of a trap PDU"));
|
|
|
abc426 |
|