[Midnightbsd-cvs] src [6598] trunk/contrib/bsnmp/lib/snmpagent.c: fix a bug in bsnmpd

laffer1 at midnightbsd.org
Tue Jan 14 19:41:45 EST 2014


Revision: 6598
          http://svnweb.midnightbsd.org/src/?rev=6598
Author:   laffer1
Date:     2014-01-14 19:41:44 -0500 (Tue, 14 Jan 2014)
Log Message:
-----------
fix a bug in bsnmpd

The bsnmpd(8) daemon is prone to a stack-based buffer-overflow when it
has received a specifically crafted GETBULK PDU request.

Modified Paths:
--------------
    trunk/contrib/bsnmp/lib/snmpagent.c

Modified: trunk/contrib/bsnmp/lib/snmpagent.c
===================================================================
--- trunk/contrib/bsnmp/lib/snmpagent.c	2014-01-02 04:31:31 UTC (rev 6597)
+++ trunk/contrib/bsnmp/lib/snmpagent.c	2014-01-15 00:41:44 UTC (rev 6598)
@@ -499,6 +499,11 @@
 	for (cnt = 0; cnt < pdu->error_index; cnt++) {
 		eomib = 1;
 		for (i = non_rep; i < pdu->nbindings; i++) {
+
+			if (resp->nbindings == SNMP_MAX_BINDINGS)
+				/* PDU is full */
+				goto done;
+
 			if (cnt == 0) 
 				result = do_getnext(&context, &pdu->bindings[i],
 				    &resp->bindings[resp->nbindings], pdu);
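
Review bot: the new guard at the top of the inner loop compares resp->nbindings to SNMP_MAX_BINDINGS with "==", so it only stops the write into resp->bindings[resp->nbindings] when the count lands on the limit exactly. Using ">=" costs nothing and also covers a count that is already past the limit when this loop is entered. The "done" label and the place where resp->nbindings is incremented are outside the visible context, so please confirm that jumping out of both loops at this point leaves the response consistent (error status set as intended, no half-filled binding counted). Style: with a comment sitting between the unbraced "if" and its "goto", braces around the body would make the control flow harder to break in a later edit, and the blank "+" line directly after the "for" is not needed.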
