[erlang-patches] SNMP/VACM: bugfix for vacmViewTreeFamilyMask

Fredrik <>
Mon Jun 10 11:58:04 CEST 2013


On 06/10/2013 11:07 AM, Stefan Zegenhagen wrote:
> Dear all,
>
>
> it's almost a year since I sent the patch attached to this e-mail, and I
> just found out that I have not yet gotten a response to it.
>
> I would consider this patch important because it fixes an issue with the
> interpretation of data that might be critical for SNMPv3 operation. I
> confirmed at that time that erlangs interpretation of
> vacmViewTreeFamilyMask is indeed not interoperable with other SNMP
> stacks.
>
>
> Kind regards,
>
>
>>>> the implementation of SNMP-VIEW-BASED-ACM.mib assumes that the input for
>>>> vacmViewTreeFamilyMask is an OID consisting of 1's and 0's only to form
>>>> the mask. However, the MIB states that the input should be a bitstring.
>>>>
>>>> The OID representation of the mask is useful in the code as it speeds up
>>>> time-critical code paths when checking access permissions for EACH SNMP
>>>> access. Reading/writing the view mask objects is less time-critical.
>>>>
>>>> Therefore, to fix the issue, convert between OID representation and
>>>> bitstring when the vacmViewTreeFamilyMask objects are accessed. This is
>>>> done by the patch attached to this e-mail.
>>
>> I'm very sorry for the troubles that I am causing but it seems that the
>> previous version of the patch did more than it should: the OID-bitstring
>> conversion was also applied to other tables in the same MIB on
>> get/get-next requests.
>>
>> The version of the patch that is attached to this e-mail restricts the
>> OID-bitstring conversion to vacmViewTreeFamilyMask alone.
>
>
>
> _______________________________________________
> erlang-patches mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-patches
Your mailpatch has been taken cared of. It is now assigned to the 
responsible team.
Thanks for the heads-up,

-- 

BR Fredrik Gustafsson
Erlang OTP Team

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-patches/attachments/20130610/4c2edacf/attachment.html>


More information about the erlang-patches mailing list