From: <no...@so...> - 2001-07-26 09:24:56
|
Bugs item #404657, was opened at 2001-02-27 10:49 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=112694&aid=404657&group_id=12694 Category: library Group: None >Status: Closed Resolution: Fixed Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Wes Hardaker (hardaker) Summary: segfault due to buffer overflow Initial Comment: In version 4.2 in the file snmplib/mib.c the use of the define SPRINT_MAX_LEN means that trying to print (ie from a get or walk) a MIB entry where there is a long data value (eg Hex string) can overwrite the stack and hence cause a seg fault. Looking at the code, it seems like a non-trivial fix since a large number of functions in this module take a buffer pointer as parameter but don't have any indication of buffer size.. ---------------------------------------------------------------------- Comment By: John Naylon (jbpn) Date: 2001-07-25 06:37 Message: Logged In: YES user_id=93926 Note that this is fixed in the current CVS version. ---------------------------------------------------------------------- Comment By: Wes Hardaker (hardaker) Date: 2001-03-15 13:46 Message: Logged In: YES user_id=76242 Yes, its non-trivial to fix but is planned for 5.0 where we'll try to switch to snprintf style code. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=112694&aid=404657&group_id=12694 |