svn commit: r260636 - head/contrib/bsnmp/lib

Tue Jan 14 18:58:58 UTC 2014

Author: delphij
Date: Tue Jan 14 18:58:57 2014
New Revision: 260636
URL: http://svnweb.freebsd.org/changeset/base/260636

Log:
  Fix bsnmpd remote denial of service vulnerability.
  
  Reported by:	dinoex
  Submitted by:	harti
  Security:	FreeBSD-SA-14:01.bsnmpd
  Security:	CVE-2014-1452

Modified:
  head/contrib/bsnmp/lib/snmpagent.c

Modified: head/contrib/bsnmp/lib/snmpagent.c
==============================================================================

--- head/contrib/bsnmp/lib/snmpagent.c	Tue Jan 14 18:45:32 2014	(r260635)
+++ head/contrib/bsnmp/lib/snmpagent.c	Tue Jan 14 18:58:57 2014	(r260636)
@@ -510,6 +510,11 @@ snmp_getbulk(struct snmp_pdu *pdu, struc
 	for (cnt = 0; cnt < pdu->error_index; cnt++) {
 		eomib = 1;
 		for (i = non_rep; i < pdu->nbindings; i++) {
+
+			if (resp->nbindings == SNMP_MAX_BINDINGS)
+				/* PDU is full */
+				goto done;
+
 			if (cnt == 0) 
 				result = do_getnext(&context, &pdu->bindings[i],
 				    &resp->bindings[resp->nbindings], pdu);
