Created attachment 222314
fix incorrect length comparison

An example snmp response that cannot be decoded and is silently discarded.

02:19:20.771922 IP (tos 0x0, ttl 29, id 43952, offset 0, flags [none], proto UDP (17), length 63)
    10.22.16.2.161 > 10.7.22.69.54275: [udp sum ok] { SNMPv2c { GetResponse(16) R=1248693045 tooBig[errorIndex==0] } }
        0x0000: 001c c05d ea0f 001d 719b c280 0800 4500
        0x0010: 003f abb0 0000 1d11 b79a 0a16 1002 0a07
        0x0020: 1645 00a1 d403 002b b2fe 3082 001f 0201
        0x0030: 0104 0670 7562 6c69 63a2 8200 1002 044a
        0x0040: 6d8b 3502 0101 0201 0030 8200 00

As a result, my program does not see the "tooBig" error, and does not repeat the request with a reduced "max_repetitions" value. Ultimately, the request ends up with an SNMPERR_TIMEOUT error.

A patch that fixes this:

--- snmplib/asn1.c.orig 2020-08-15 04:41:47.000000000 +0700 +++ snmplib/asn1.c 2021-02-10 02:51:55.625498000 +0700 @@ -348,7 +348,7 @@ * long length; first byte is length of length (after masking high bit) */ len_len = (int) ((*pkt & ~0x80) + 1); - if ((int) pkt_len <= len_len ) + if ((int) pkt_len < len_len ) return NULL; /* still too short for length and data */ /* now we know we have enough data to parse length */
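Review bot: The comment on the "return NULL;" line still reads "still too short for length and data", which no longer matches the check: with "<" a buffer holding exactly len_len length octets and zero data octets is accepted, which is the case at the end of the sample response (30 82 00 00, an empty SEQUENCE whose length is in long form). Reword it to say the buffer is too short for the length octets and note that a zero-length body is valid, so a later reader does not restore "<=". The comparison also runs on "(int) pkt_len"; if pkt_len is an unsigned type, comparing without the cast would keep a very large value from turning negative. The captured packet above would make a good regression test for this decoder path.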
> Bart Van
>
> Thanks for having reported this but I think this has already been fixed by commit 92f0fe9.
>
> https://github.com/net-snmp/net-snmp/commit/92f0fe9e0dc3cf7ab6e8cc94d7962df83d0ddbec

:)) The problem was fixed long ago in the original project. Please add a fix for us too.
A commit references this bug:

Author: zi
Date: Sat Feb 13 18:54:59 UTC 2021
New revision: 565173
URL: https://svnweb.freebsd.org/changeset/ports/565173

Log:
  - Bring in upstream commit to resolve badly formed responses
    (92f0fe9e0dc3cf7ab6e8cc94d7962df83d0ddbec)
  - Bump PORTREVISION

  PR: 253393

Changes:
  head/net-mgmt/net-snmp/Makefile
  head/net-mgmt/net-snmp/files/patch-92f0fe9e0dc3cf7ab6e8cc94d7962df83d0ddbec