Blame SOURCES/net-snmp-5.8-bulk.patch

8b097a
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
8b097a
--- a/snmplib/snmp_api.c	2020-09-29 14:08:09.821479662 +0200
8b097a
+++ b/snmplib/snmp_api.c	2020-10-01 10:15:46.607374362 +0200
8b097a
@@ -769,7 +769,7 @@ snmp_sess_init(netsnmp_session * session
8b097a
     session->retries = SNMP_DEFAULT_RETRIES;
8b097a
     session->version = SNMP_DEFAULT_VERSION;
8b097a
     session->securityModel = SNMP_DEFAULT_SECMODEL;
8b097a
-    session->rcvMsgMaxSize = SNMP_MAX_MSG_SIZE;
8b097a
+    session->rcvMsgMaxSize = netsnmp_max_send_msg_size();
8b097a
     session->sndMsgMaxSize = netsnmp_max_send_msg_size();
8b097a
     session->flags |= SNMP_FLAGS_DONT_PROBE;
8b097a
 }
8b097a
@@ -2731,7 +2731,7 @@ snmpv3_packet_build(netsnmp_session * se
8b097a
     /*
8b097a
      * build a scopedPDU structure into spdu_buf
8b097a
      */
8b097a
-    spdu_buf_len = SNMP_MAX_MSG_SIZE;
8b097a
+    spdu_buf_len = sizeof(spdu_buf);
8b097a
     DEBUGDUMPSECTION("send", "ScopedPdu");
8b097a
     cp = snmpv3_scopedPDU_header_build(pdu, spdu_buf, &spdu_buf_len,
8b097a
                                        &spdu_hdr_e);
8b097a
@@ -2743,6 +2743,11 @@ snmpv3_packet_build(netsnmp_session * se
8b097a
      */
8b097a
     DEBUGPRINTPDUTYPE("send", ((pdu_data) ? *pdu_data : 0x00));
8b097a
     if (pdu_data) {
8b097a
+        if (cp + pdu_data_len > spdu_buf + sizeof(spdu_buf)) {
8b097a
+            snmp_log(LOG_ERR, "%s: PDU too big (%" NETSNMP_PRIz "d > %" NETSNMP_PRIz "d)\n",
8b097a
+                     __func__, pdu_data_len, sizeof(spdu_buf));
8b097a
+            return -1;
8b097a
+        }
8b097a
         memcpy(cp, pdu_data, pdu_data_len);
8b097a
         cp += pdu_data_len;
8b097a
     } else {
8b097a
@@ -2756,7 +2761,7 @@ snmpv3_packet_build(netsnmp_session * se
8b097a
      * re-encode the actual ASN.1 length of the scopedPdu
8b097a
      */
8b097a
     spdu_len = cp - spdu_hdr_e; /* length of scopedPdu minus ASN.1 headers */
8b097a
-    spdu_buf_len = SNMP_MAX_MSG_SIZE;
8b097a
+    spdu_buf_len = sizeof(spdu_buf);
8b097a
     if (asn_build_sequence(spdu_buf, &spdu_buf_len,
8b097a
                            (u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR),
8b097a
                            spdu_len) == NULL)
8b097a
@@ -2769,7 +2774,7 @@ snmpv3_packet_build(netsnmp_session * se
8b097a
      * message - the entire message to transmitted on the wire is returned
8b097a
      */
8b097a
     cp = NULL;
8b097a
-    *out_length = SNMP_MAX_MSG_SIZE;
8b097a
+    *out_length = sizeof(spdu_buf);
8b097a
     DEBUGDUMPSECTION("send", "SM msgSecurityParameters");
8b097a
     sptr = find_sec_mod(pdu->securityModel);
8b097a
     if (sptr && sptr->encode_forward) {