[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [bug #46089] snmp: race condition on length change between
|
From: |
Simon Goldschmidt |
|
Subject: |
[lwip-devel] [bug #46089] snmp: race condition on length change between get_object_def() and get_value() |
|
Date: |
Thu, 01 Oct 2015 08:05:59 +0000 |
|
User-agent: |
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 |
URL:
<http://savannah.nongnu.org/bugs/?46089>
Summary: snmp: race condition on length change between
get_object_def() and get_value()
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: goldsimon
Submitted on: Do 01 Okt 2015 08:05:57 GMT
Category: None
Severity: 3 - Normal
Item Group: Faulty Behaviour
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release:
lwIP version: git head
_______________________________________________________
Details:
The snmp agent currently gets the length of an object from the
get_object_def() function. However, the length could change (at least for
external nodes) before calling get_value(), so the value and its length don't
match.
The length returned from get_object_def() has historically been used to
allocate memory via mem_malloc(). However, this is not required any more since
the memory is being allocated from pools.
To fix this, the length shall be returned by the get_value() function. This is
an incompatibility for private MIBs only.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?46089>
_______________________________________________
Nachricht gesendet von/durch Savannah
http://savannah.nongnu.org/
- [lwip-devel] [bug #46089] snmp: race condition on length change between get_object_def() and get_value(),
Simon Goldschmidt <=