Fix bsnmpd remote denial of service vulnerability.

Reported by: dinoex Submitted by: harti Security: FreeBSD-SA-14:01.bsnmpd Security: CVE-2014-1452
author: delphij <delphij@FreeBSD.org> 2014-01-14 18:58:57 +0000
committer: delphij <delphij@FreeBSD.org> 2014-01-14 18:58:57 +0000
commit: 7d5825ffd4c833bc04740a494ace6799f6b9079b (patch)
tree: 035950db74b192952345b62569074dcb2869c424 /contrib/bsnmp/lib/snmpagent.c
parent: d43a2cacc245a5c84d102e42c7a0a81195d49ebf (diff)
download: FreeBSD-src-7d5825ffd4c833bc04740a494ace6799f6b9079b.zip
FreeBSD-src-7d5825ffd4c833bc04740a494ace6799f6b9079b.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/contrib/bsnmp/lib/snmpagent.c b/contrib/bsnmp/lib/snmpagent.c
index e2aa264..a425c37 100644
--- a/contrib/bsnmp/lib/snmpagent.c
+++ b/contrib/bsnmp/lib/snmpagent.c
@@ -510,6 +510,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struct asn_buf *resp_b,
 	for (cnt = 0; cnt < pdu->error_index; cnt++) {
 		eomib = 1;
 		for (i = non_rep; i < pdu->nbindings; i++) {
+
+			if (resp->nbindings == SNMP_MAX_BINDINGS)
+				/* PDU is full */
+				goto done;
+
 			if (cnt == 0) 
 				result = do_getnext(&context, &pdu->bindings[i],
 				    &resp->bindings[resp->nbindings], pdu);
author	delphij <delphij@FreeBSD.org>	2014-01-14 18:58:57 +0000
committer	delphij <delphij@FreeBSD.org>	2014-01-14 18:58:57 +0000
commit	7d5825ffd4c833bc04740a494ace6799f6b9079b (patch)
tree	035950db74b192952345b62569074dcb2869c424 /contrib/bsnmp/lib/snmpagent.c
parent	d43a2cacc245a5c84d102e42c7a0a81195d49ebf (diff)
download	FreeBSD-src-7d5825ffd4c833bc04740a494ace6799f6b9079b.zip FreeBSD-src-7d5825ffd4c833bc04740a494ace6799f6b9079b.tar.gz