[erlang-patches] SNMPD: bugfix to snmp_generic:split_index_to_keys/2

Stefan Zegenhagen stefan.zegenhagen@REDACTED
Wed Jul 4 16:42:04 CEST 2012


Dear all,

this mail contains a patch that solves a problem with the indicated
function. For dynamically-sized table indices it wasn't checking whether
the length of the index value matches all constraints specified in the
MIB.

Kind regards,

--- snip ---

>From 12c80f51879da4d36019cf736c1009e5bc09b908 Mon Sep 17 00:00:00 2001
From: Stefan Zegenhagen <stefan.zegenhagen@REDACTED>
Date: Wed, 4 Jul 2012 14:10:00 +0200
Subject: [PATCH 1/2] fix snmp_generic:split_index_to_keys/2

The function snmp_generic:split_index_to_keys/2 handles dynamic length
RowIndex members, but fails to check that their length actually falls
within the constraints given by the MIB.

The problem becomes real for table indices having an 'OCTET STRING'
syntax, e.g. OCTET STRING(1..32) where it is possible to pass
zero-length strings or strings longer than 32 chars without any
validation failure.
---
 lib/snmp/src/agent/snmp_generic.erl |   20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/lib/snmp/src/agent/snmp_generic.erl b/lib/snmp/src/agent/snmp_generic.erl
index 06afa68..0dd1f8b 100644
--- a/lib/snmp/src/agent/snmp_generic.erl
+++ b/lib/snmp/src/agent/snmp_generic.erl
@@ -640,11 +640,12 @@ collect_keys([#asn1_type{lo = X, hi = X} | _Indexes], Keys)
 %% Otherwise, its a dynamic-length type => its a list
 %% OBJECT IDENTIFIER, OCTET STRING or BITS (or derivatives)
 %% Check if it is IMPLIED (only last element can be IMPLIED)
-collect_keys([#asn1_type{implied = true}], Keys) ->
-    [Keys];
-collect_keys([_Type | Indexes], [Length | Keys]) when length(Keys) >= Length ->
+%% and also check lo/hi constraints...
+collect_keys([#asn1_type{implied = true} = Type], Keys) ->
+    [collect_check_length(Type, Keys)];
+collect_keys([Type | Indexes], [Length | Keys]) when length(Keys) >= Length ->
     {StrKey, Rest} = collect_length(Length, Keys, []),
-    [StrKey | collect_keys(Indexes, Rest)];
+    [collect_check_length(Type, StrKey) | collect_keys(Indexes, Rest)];
 collect_keys([_Type | _Indexes], [Length | Keys]) ->
     exit({error, {size_mismatch, Length, Keys}});
 collect_keys([], []) -> [];
@@ -657,6 +658,17 @@ collect_length(0, Rest, Rts) ->
 collect_length(N, [El | Rest], Rts) ->
     collect_length(N-1, Rest, [El | Rts]).
 
+collect_check_length(#asn1_type{lo = Lo, hi = Hi}, ListVal) ->
+    Length = length(ListVal),
+    if
+        is_integer(Lo) andalso Length < Lo ->
+            exit({error, {size_mismatch, Lo, ListVal}});
+        is_integer(Hi) andalso Length > Hi ->
+            exit({error, {size_mismatch, Hi, ListVal}});
+        true ->
+            ListVal
+    end.
+
 %%------------------------------------------------------------------
 %% Checks if a certain row exists.
 %% Returns true or false.
-- 
1.7.9.5


-- 
Dr. Stefan Zegenhagen

arcutronix GmbH
Garbsener Landstr. 10
30419 Hannover
Germany

Tel:   +49 511 277-2734
Fax:   +49 511 277-2709
Email: stefan.zegenhagen@REDACTED
Web:   www.arcutronix.com

*Synchronize the Ethernet*

General Managers: Dipl. Ing. Juergen Schroeder, Dr. Josef Gfrerer -
Legal Form: GmbH, Registered office: Hannover, HRB 202442, Amtsgericht
Hannover; Ust-Id: DE257551767.

Please consider the environment before printing this message.




More information about the erlang-patches mailing list