Date: Tue, 14 Jan 2014 19:17:21 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r260642 - in stable: 8/contrib/bsnmp/lib 9/contrib/bsnmp/lib Message-ID: <201401141917.s0EJHLHU008676@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Tue Jan 14 19:17:20 2014 New Revision: 260642 URL: http://svnweb.freebsd.org/changeset/base/260642 Log: MFC r260636: Fix bsnmpd remote denial of service vulnerability. Reported by: dinoex Submitted by: harti Security: FreeBSD-SA-14:01.bsnmpd Security: CVE-2014-1452 Modified: stable/8/contrib/bsnmp/lib/snmpagent.c Directory Properties: stable/8/contrib/bsnmp/ (props changed) Changes in other areas also in this revision: Modified: stable/9/contrib/bsnmp/lib/snmpagent.c Directory Properties: stable/9/contrib/bsnmp/ (props changed) Modified: stable/8/contrib/bsnmp/lib/snmpagent.c ============================================================================== --- stable/8/contrib/bsnmp/lib/snmpagent.c Tue Jan 14 19:12:40 2014 (r260641) +++ stable/8/contrib/bsnmp/lib/snmpagent.c Tue Jan 14 19:17:20 2014 (r260642) @@ -488,6 +488,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struc for (cnt = 0; cnt < pdu->error_index; cnt++) { eomib = 1; for (i = non_rep; i < pdu->nbindings; i++) { + + if (resp->nbindings == SNMP_MAX_BINDINGS) + /* PDU is full */ + goto done; + if (cnt == 0) result = do_getnext(&context, &pdu->bindings[i], &resp->bindings[resp->nbindings], pdu);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201401141917.s0EJHLHU008676>