diff options
author | delphij <delphij@FreeBSD.org> | 2014-01-14 18:58:57 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2014-01-14 18:58:57 +0000 |
commit | 7d5825ffd4c833bc04740a494ace6799f6b9079b (patch) | |
tree | 035950db74b192952345b62569074dcb2869c424 | |
parent | d43a2cacc245a5c84d102e42c7a0a81195d49ebf (diff) | |
download | FreeBSD-src-7d5825ffd4c833bc04740a494ace6799f6b9079b.zip FreeBSD-src-7d5825ffd4c833bc04740a494ace6799f6b9079b.tar.gz |
Fix bsnmpd remote denial of service vulnerability.
Reported by: dinoex
Submitted by: harti
Security: FreeBSD-SA-14:01.bsnmpd
Security: CVE-2014-1452
-rw-r--r-- | contrib/bsnmp/lib/snmpagent.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/contrib/bsnmp/lib/snmpagent.c b/contrib/bsnmp/lib/snmpagent.c index e2aa264..a425c37 100644 --- a/contrib/bsnmp/lib/snmpagent.c +++ b/contrib/bsnmp/lib/snmpagent.c @@ -510,6 +510,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struct asn_buf *resp_b, for (cnt = 0; cnt < pdu->error_index; cnt++) { eomib = 1; for (i = non_rep; i < pdu->nbindings; i++) { + + if (resp->nbindings == SNMP_MAX_BINDINGS) + /* PDU is full */ + goto done; + if (cnt == 0) result = do_getnext(&context, &pdu->bindings[i], &resp->bindings[resp->nbindings], pdu); |