diff options
author | Ilya Etingof <etingof@gmail.com> | 2018-08-04 20:24:26 +0200 |
---|---|---|
committer | Ilya Etingof <etingof@gmail.com> | 2018-08-04 20:24:26 +0200 |
commit | 7abfa51a9993e3a79404990f844d655b3bd3ba26 (patch) | |
tree | 8148d41d4aa6b1abc3d98b5d6a2d869c7b37272e | |
parent | 0d7f612468d78a58c3746a8336d1353763dd315b (diff) | |
download | pysnmp-git-7abfa51a9993e3a79404990f844d655b3bd3ba26.tar.gz |
Fix crash on wrong SNMPv3 security model
Fixed crash caused by incoming SNMPv3 message
requesting SNMPv1/v2c security model
-rw-r--r-- | CHANGES.txt | 2 | ||||
-rw-r--r-- | pysnmp/proto/mpmod/rfc2576.py | 2 | ||||
-rw-r--r-- | pysnmp/proto/mpmod/rfc3412.py | 5 |
3 files changed, 7 insertions, 2 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index f57aa6a8..ecdd5587 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -7,6 +7,8 @@ Revision 4.4.5, released 2018-04-XX - Fixed possible infinite loop in GETBULK response PDU builder - Fixed memory leak in the T`config.delContext()` VACM management harness - Fixed `Bits` class initialization when enumeration values are given +- Fixed crash caused by incoming SNMPv3 message requesting SNMPv1/v2c + security model Revision 4.4.4, released 2018-01-03 ----------------------------------- diff --git a/pysnmp/proto/mpmod/rfc2576.py b/pysnmp/proto/mpmod/rfc2576.py index 93ded6da..717110d3 100644 --- a/pysnmp/proto/mpmod/rfc2576.py +++ b/pysnmp/proto/mpmod/rfc2576.py @@ -271,7 +271,7 @@ class SnmpV1MessageProcessingModel(AbstractMessageProcessingModel): try: try: - smHandler = snmpEngine.securityModels[int(securityModel)] + smHandler = snmpEngine.securityModels[securityModel] except KeyError: raise error.StatusInformation( diff --git a/pysnmp/proto/mpmod/rfc3412.py b/pysnmp/proto/mpmod/rfc3412.py index 5f9268a5..58f3acc0 100644 --- a/pysnmp/proto/mpmod/rfc3412.py +++ b/pysnmp/proto/mpmod/rfc3412.py @@ -40,8 +40,11 @@ class HeaderData(univ.Sequence): namedtype.NamedType('msgMaxSize', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(484, 2147483647))), namedtype.NamedType('msgFlags', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 1))), + # NOTE (etingof): constrain SNMPv3 message to only USM+ security models + # because SNMPv1/v2c seems incompatible in pysnmp implementation, not sure + # if it's intended by the SNMP standard at all... namedtype.NamedType('msgSecurityModel', - univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 2147483647))) + univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(3, 2147483647))) ) |