[Bug 253393] net-mgmt/net-snmp: After upgrading net-snmp-5.7.3_20.1 to net-snmp-5.9_1.1, some snmp responses are not decoded correctly and discarded.

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Feb 10 03:38:49 UTC 2021


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253393

            Bug ID: 253393
           Summary: net-mgmt/net-snmp: After upgrading net-snmp-5.7.3_20.1
                    to net-snmp-5.9_1.1, some snmp responses are not
                    decoded correctly and discarded.
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: zi at FreeBSD.org
          Reporter: a.mitrohin at zs.ttk.ru
             Flags: maintainer-feedback?(zi at FreeBSD.org)

Created attachment 222314
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=222314&action=edit
fix incorrect length comparison

An example snmp response that cannot be decoded and is silently discarded. 

02:19:20.771922 IP (tos 0x0, ttl 29, id 43952, offset 0, flags [none], proto
UDP (17), length 63)
    10.22.16.2.161 > 10.7.22.69.54275: [udp sum ok]  { SNMPv2c {
GetResponse(16) R=1248693045  tooBig[errorIndex==0] } }
        0x0000:  001c c05d ea0f 001d 719b c280 0800 4500
        0x0010:  003f abb0 0000 1d11 b79a 0a16 1002 0a07
        0x0020:  1645 00a1 d403 002b b2fe 3082 001f 0201
        0x0030:  0104 0670 7562 6c69 63a2 8200 1002 044a
        0x0040:  6d8b 3502 0101 0201 0030 8200 00

As a result, my program does not see the "tooBig" error, and does not repeat
the request with a reduced "max_repetitions" value. 

Ultimately, the request ends up with an SNMPERR_TIMEOUT error.


A patch that fixes this: 

--- snmplib/asn1.c.orig 2020-08-15 04:41:47.000000000 +0700
+++ snmplib/asn1.c      2021-02-10 02:51:55.625498000 +0700
@@ -348,7 +348,7 @@
          * long length; first byte is length of length (after masking high
bit)
          */
         len_len = (int) ((*pkt & ~0x80) + 1);
-        if ((int) pkt_len <= len_len )
+        if ((int) pkt_len < len_len )
             return NULL;           /* still too short for length and data */

         /* now we know we have enough data to parse length */
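Review bot: The comment kept on the `return NULL` line, "still too short for length and data", no longer matches the test once it becomes `pkt_len < len_len`. That comparison only guarantees that the length octets themselves are present, and it now lets through `pkt_len == len_len`, where no content bytes follow. Reword the comment to something like "too short for the length field", and confirm that the code after this hunk (not visible here) rejects a decoded length larger than the bytes that remain, since that later check is what bounds the data from now on. The response in the report, which ends in `30 82 00 00`, would make a good regression test for the boundary case.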

-- 
You are receiving this mail because:
You are the assignee for the bug.
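An added example (not part of the report and not net-snmp's code) that replays the long-form length check on the trailing `30 82 00 00` of the response above with both comparisons, and keeps the content bound as a separate test. The `ber_length` helper, its `old_check` switch, and the assumption that the byte count starts at the first length octet are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed from the hex dump in the report: last four payload bytes,
 * an empty varbind list (SEQUENCE tag, long-form length of zero). */
static const unsigned char EMPTY_VARBINDS[] = { 0x30, 0x82, 0x00, 0x00 };

/* Hypothetical helper, not net-snmp's function. Assumes pkt points at the
 * first length octet and pkt_len counts the bytes from there to the end.
 * Returns the start of the content or NULL; old_check selects `<=`. */
static const unsigned char *
ber_length(const unsigned char *pkt, size_t pkt_len,
           unsigned long *data_len, int old_check)
{
    size_t len_len = 1, i;

    if (pkt_len < 1)
        return NULL;
    if (!(*pkt & 0x80)) {
        *data_len = *pkt;                  /* short form: one octet */
    } else {
        len_len = (size_t)(*pkt & 0x7f) + 1;   /* prefix + length octets */
        if (len_len == 1 || len_len > sizeof(unsigned long) + 1)
            return NULL;                   /* indefinite or oversized */
        if (old_check ? pkt_len <= len_len : pkt_len < len_len)
            return NULL;                   /* length field is truncated */
        *data_len = 0;
        for (i = 1; i < len_len; i++)
            *data_len = (*data_len << 8) | pkt[i];
    }
    /* Separate bound: the declared content must fit in what is left. */
    if (*data_len > pkt_len - len_len)
        return NULL;
    return pkt + len_len;
}

int main(void)
{
    unsigned long n = 0;
    const unsigned char *p = EMPTY_VARBINDS + 1;     /* skip the tag */
    size_t left = sizeof(EMPTY_VARBINDS) - 1;

    printf("old <=: %s\n", ber_length(p, left, &n, 1) ? "accepted" : "rejected");
    printf("new < : %s\n", ber_length(p, left, &n, 0) ? "accepted" : "rejected");
    return 0;
}
```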

