diff options
| author | elie <elie> | 2014-03-21 05:59:44 +0000 |
|---|---|---|
| committer | elie <elie> | 2014-03-21 05:59:44 +0000 |
| commit | fc3c3bb8bf1667937ac630cb853f6d96163e8ada (patch) | |
| tree | c52a90fd17a04c47982012d7b9c512c07a1f763e /pysnmp/proto | |
| parent | d467c46cefcdf0edfeb43e777c8708c4fdc06ab0 (diff) | |
| download | pysnmp-fc3c3bb8bf1667937ac630cb853f6d96163e8ada.tar.gz | |
fixes to verify pyasn1 decoder.decode() return to withstand
broken SNMP messages or its components
Diffstat (limited to 'pysnmp/proto')
| -rw-r--r-- | pysnmp/proto/mpmod/rfc2576.py | 7 | ||||
| -rw-r--r-- | pysnmp/proto/mpmod/rfc3412.py | 7 | ||||
| -rw-r--r-- | pysnmp/proto/secmod/rfc3414/service.py | 9 |
3 files changed, 19 insertions, 4 deletions
diff --git a/pysnmp/proto/mpmod/rfc2576.py b/pysnmp/proto/mpmod/rfc2576.py index 03ad11f..d71e08e 100644 --- a/pysnmp/proto/mpmod/rfc2576.py +++ b/pysnmp/proto/mpmod/rfc2576.py @@ -1,6 +1,6 @@ # SNMP v1 & v2c message processing models implementation import sys -from pyasn1.codec.ber import decoder +from pyasn1.codec.ber import decoder, eoo from pyasn1.type import univ from pyasn1.compat.octets import null from pyasn1.error import PyAsn1Error @@ -272,6 +272,11 @@ class SnmpV1MessageProcessingModel(AbstractMessageProcessingModel): debug.logger & debug.flagMP and debug.logger('prepareDataElements: %s' % (msg.prettyPrint(),)) + if eoo.endOfOctets.isSameTypeWith(msg): + raise error.StatusInformation( + errorIndication=errind.parseError + ) + # rfc3412: 7.2.3 msgVersion = messageProcessingModel = msg.getComponentByPosition(0) diff --git a/pysnmp/proto/mpmod/rfc3412.py b/pysnmp/proto/mpmod/rfc3412.py index 09779a4..8c58145 100644 --- a/pysnmp/proto/mpmod/rfc3412.py +++ b/pysnmp/proto/mpmod/rfc3412.py @@ -3,7 +3,7 @@ import sys from pysnmp.proto.mpmod.base import AbstractMessageProcessingModel from pysnmp.proto import rfc1905, rfc3411, api, errind, error from pyasn1.type import univ, namedtype, constraint -from pyasn1.codec.ber import decoder +from pyasn1.codec.ber import decoder, eoo from pyasn1.error import PyAsn1Error from pysnmp import debug @@ -512,6 +512,11 @@ class SnmpV3MessageProcessingModel(AbstractMessageProcessingModel): debug.logger & debug.flagMP and debug.logger('prepareDataElements: %s' % (msg.prettyPrint(),)) + if eoo.endOfOctets.isSameTypeWith(msg): + raise error.StatusInformation( + errorIndication=errind.parseError + ) + # 7.2.3 headerData = msg.getComponentByPosition(1) msgVersion = messageProcessingModel = msg.getComponentByPosition(0) diff --git a/pysnmp/proto/secmod/rfc3414/service.py b/pysnmp/proto/secmod/rfc3414/service.py index c50fc17..4a6affb 100644 --- a/pysnmp/proto/secmod/rfc3414/service.py +++ b/pysnmp/proto/secmod/rfc3414/service.py @@ -9,7 +9,7 @@ from pysnmp.smi.error import NoSuchInstanceError from pysnmp.proto import rfc1155, errind, error from pysnmp import debug from pyasn1.type import univ, namedtype, constraint -from pyasn1.codec.ber import encoder, decoder +from pyasn1.codec.ber import encoder, decoder, eoo from pyasn1.error import PyAsn1Error from pyasn1.compat.octets import null @@ -612,10 +612,15 @@ class SnmpUSMSecurityModel(AbstractSecurityModel): snmpInASNParseErrs.syntax = snmpInASNParseErrs.syntax + 1 raise error.StatusInformation( errorIndication=errind.parseError - ) + ) debug.logger & debug.flagSM and debug.logger('processIncomingMsg: %s' % (securityParameters.prettyPrint(),)) + if eoo.endOfOctets.isSameTypeWith(securityParameters): + raise error.StatusInformation( + errorIndication=errind.parseError + ) + # 3.2.2 msgAuthoritativeEngineID = securityParameters.getComponentByPosition(0) securityStateReference = self._cache.push( |