This is the mail archive of the ecos-discuss@sourceware.org mailing list for the eCos project.
Re: SNMP GETBULK leaks 50k per request -- security issue
- From: Tad <ecos_removethispart at ds3switch dot com>
- To: ecos-discuss at sources dot redhat dot com
- Date: Mon, 25 Jun 2007 18:59:16 -0800
- Subject: [ECOS] Re: SNMP GETBULK leaks 50k per request -- security issue
- References: <46808040.2000609@ds3switch.com>
...when snmp_send() fails.
Tad wrote:
A GETBULK request requiring > 8k bytes in the response
(snmp_api.c:PACKET_LENGTH or sendto max)
forgets to free the 50k pdu malloc'ed.
Should be able to crash any ecos snmp system with a couple:
bulkget -Cr50 -v 2c -c public 192.168.1.199 system system system
system system icmp system icmp
which will eat 5 retries x50k at a time
Basically, the snmp_agent.c we're using is POS full of memory leaks if
snmp_send or other errors occur.
I grabbed the latest v4.2 branch from SF of snmp_agent.c,
snmp_agent.h, and snmp_api.h which seem to compile for ecos with
virtually no changes (used the ECOS includes for snmp_agent.c)
The latest snmp_agent.c seems to do a nice job of cleaning up memory
and has a slightly faster SET operation.
http://net-snmp.cvs.sourceforge.net/net-snmp/net-snmp/agent/snmp_agent.c?view=log&r1=1.100&pathrev=V4-2-patches
et al.
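The error-path leak reported in the message above, as an added example that is not part of the original post and is not eCos or net-snmp code. It is a simplified model: `fake_send`, `handle_leaky`, `handle_fixed` and `leaked_after` are hypothetical names, the handler is assumed to own the PDU throughout, and only the 50k allocation and 8k send limit come from the post.

```c
#include <stdio.h>
#include <stdlib.h>

#define PDU_ALLOC  (50 * 1024)  /* per-request PDU allocation named in the post */
#define PACKET_MAX (8 * 1024)   /* response size limit named in the post */

static long live_bytes;         /* bytes allocated and not yet freed */

static void *pdu_alloc(void) {
    void *p = calloc(1, PDU_ALLOC);
    if (p) live_bytes += PDU_ALLOC;
    return p;
}
static void pdu_free(void *p) {
    if (p) { free(p); live_bytes -= PDU_ALLOC; }
}

/* Hypothetical stand-in for snmp_send(): returns 0 when the response is too large. */
static int fake_send(const void *pdu, size_t resp_len) {
    (void)pdu;
    return resp_len <= PACKET_MAX;
}

/* Leaky pattern: the early return on send failure skips the free. */
static int handle_leaky(size_t resp_len) {
    void *pdu = pdu_alloc();
    if (!pdu) return -1;
    if (!fake_send(pdu, resp_len)) return -1;   /* pdu is never released */
    pdu_free(pdu);
    return 0;
}

/* Fixed pattern: a single exit path releases the PDU on success and failure. */
static int handle_fixed(size_t resp_len) {
    void *pdu = pdu_alloc();
    if (!pdu) return -1;
    int rc = fake_send(pdu, resp_len) ? 0 : -1;
    pdu_free(pdu);
    return rc;
}

/* Run n requests through a handler and return the bytes still allocated. */
long leaked_after(int (*handler)(size_t), int n, size_t resp_len) {
    live_bytes = 0;
    for (int i = 0; i < n; i++) handler(resp_len);
    return live_bytes;
}

int main(void) {
    long leaky = leaked_after(handle_leaky, 5, 9000);  /* constructed: 5 oversized replies */
    long fixed = leaked_after(handle_fixed, 5, 9000);
    printf("leaky: %ld bytes, fixed: %ld bytes\n", leaky, fixed);
    return 0;
}
```

Tracking live allocations around a forced send failure, as `leaked_after` does here, is also a cheap regression test for any agent code path that allocates before sending.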