[Ace-users] [ace-bugs] [asnmp]: [agent PDU receiving bug]
Artem Nikitin
nikitin at komset.ru
Thu Jan 31 23:30:30 CST 2008
ACE VERSION: 5.5, released Sun Mar 05 11:10:32 2006.
HOST MACHINE and OPERATING SYSTEM:
MS Windows 2000, WINSOCK 2.0 (Product version 5.00.2195.6601 and
5.2.3790.3959)
TARGET MACHINE and OPERATING SYSTEM, if different from HOST: -
COMPILER NAME AND VERSION (AND PATCHLEVEL):
C++ compiler MS Visual Studio.NET 2003 (with SP1)
AREA/CLASS/EXAMPLE AFFECTED: asnmp library, sagent class
DOES THE PROBLEM AFFECT: EXECUTION
SYNOPSIS: PDU receiving bug
DESCRIPTION:
I work with the asnmp library and the "sagent" class to create my simple SNMP agent.
I got a non-null ('\0') terminated string when receiving a PDU from the manager in the
"get_community" method of the "wpdu" class. My call stack was damaged.
REPEAT BY:
    ....
    char rcv_com_str[MAX_COMM_STR_LEN];
    transaction tr(_snmp_session_);
    tr.handle_input(fd);
    if (tr.result(pdu_, rcv_com_str) < 0) // damaging call
        return 0;
    ....

    // return pdu to caller
    int transaction::result(Pdu& pdu, char *comm_str, ACE_INET_Addr *from)
    {
        // TODO: check to see the sender matches the receiver address..

        // remove any vbs existing in this pdu
        pdu.delete_all_vbs();

        // any data to return?
        if (receive_iovec_.iov_len == 0)
            return -1;

        wpdu tmp(receive_iovec_);
        snmp_version ver;

        // return comm str and from address of incoming pdu if requested
        int rc = tmp.get_pdu(pdu, ver);
        if (comm_str)
            strcpy(comm_str, (char *)tmp.get_community());
        if (from)
            *from = receive_addr_;
        return rc;
    }
SAMPLE FIX/WORKAROUND:
wpdu.cpp file:

    void wpdu::get_community(char* target) const
    {
        strncpy(target, community_name, comm_len);
    }
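Added example, not part of the original post and not ACE code: a bounded copy for a length-delimited community string that always terminates the destination, alongside a check showing that strncpy(dst, src, len) writes no '\0' when the source has none in its first len bytes. The names copy_community, CopyResult, strncpy_leaves_unterminated and kCommBufLen are assumptions made for this example, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstring>

// Assumed buffer size for this example (the page does not show MAX_COMM_STR_LEN).
constexpr std::size_t kCommBufLen = 16;

enum class CopyResult { Ok, Truncated, EmbeddedNul, BadArgs };

// Copy a length-delimited community string (wire bytes, no trailing '\0')
// into a fixed buffer. dst is always terminated when dst_size > 0.
CopyResult copy_community(char* dst, std::size_t dst_size,
                          const unsigned char* src, std::size_t src_len)
{
    if (dst == nullptr || dst_size == 0)
        return CopyResult::BadArgs;
    dst[0] = '\0';
    if (src == nullptr)
        return src_len == 0 ? CopyResult::Ok : CopyResult::BadArgs;
    // A '\0' inside the value would make strcmp() see a shorter community.
    if (std::memchr(src, '\0', src_len) != nullptr)
        return CopyResult::EmbeddedNul;
    const std::size_t n = src_len < dst_size - 1 ? src_len : dst_size - 1;
    std::memcpy(dst, src, n);
    dst[n] = '\0';
    return n == src_len ? CopyResult::Ok : CopyResult::Truncated;
}

// Shows why strncpy(dst, src, len) alone is not enough: when src has no '\0'
// in its first len bytes, nothing is written to dst[len].
bool strncpy_leaves_unterminated()
{
    // Constructed sample: 6 community bytes followed by other packet bytes.
    const unsigned char wire[] = { 'p','u','b','l','i','c', 0xA0, 0x1C, 0x02 };
    char dst[kCommBufLen];
    std::memset(dst, 'X', sizeof dst);           // stand-in for stack garbage
    std::strncpy(dst, reinterpret_cast<const char*>(wire), 6);
    return dst[6] == 'X';                        // still garbage, not '\0'
}

int main()
{
    const unsigned char wire[] = { 'p','u','b','l','i','c', 0xA0, 0x1C, 0x02 };
    char comm[kCommBufLen];
    return copy_community(comm, sizeof comm, wire, 6) == CopyResult::Ok ? 0 : 1;
}
```

A caller that gets Truncated or EmbeddedNul back should treat the PDU as failing the community check instead of comparing the shortened string.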