SNMP vulnerability

[Martin Bjorklund]

Ulf Wiger <etxuwig@REDACTED> wrote:
> 
> Well, I'm not sure about the "did not waste resources" part. ;)
> 
> It seems as if the snmp agent pretty prints an error message
> upon a decoding error. For some of the PDUs, this message can
> become quite sizeable, e.g. after a badarg on
> list_to_binary(LongBadList).

Well, it's just because you're using the default error logging
mechanism - the idea is that you should write your own logging
module!

However, this good idea is badly implemented - it was implemented
before OTP and does not fit into the OTP framework (you need to write
your own snmp_error module, i.e. it's name must be snmp_error).  It
should be redone.


/martin