From: lindberg@cs.chalmers.se (Gunnar Lindberg)
Newsgroups: comp.protocols.tcp-ip,comp.bugs.misc
Subject: Bug in CMU snmp 1.0 + fix
Keywords: SNMP MIB
Message-ID: <3442@chalmers.se>
Date: 28 Nov 89 15:10:10 GMT
Organization: Dept of CS, Chalmers, Sweden

I picked up snmp 1.0 from CMU (pub/cmu-snmp1.0.tar.Z, Oct 24 18:13) not long ago and I think I've actually found a bug in it. If I tried things like

    snmpget ... ip.ipRoutingTable.ipRouteEntry.ipRouteNextHop.10.0.0.51

it would dump core before it actually got to sending out the question. It seems like routine "parse_subtree()" in "snmplib/mib.c" tried to use a NULL pointer when it looked up the "10.0.0.51" part of the string.

Now, I don't know much about ASN.1 so my fix might be doing the wrong thing, but things seem to work reasonably well with it.

Gunnar Lindberg

=====================================================================
RCS file: mib.c,v
retrieving revision 1.2
diff -c -r1.2 mib.c
*** /tmp/,RCSt1a26347 Tue Nov 28 15:53:25 1989
--- mib.c Mon Nov 27 13:47:47 1989
*************** *** 620,625 if (*input != '.') return (1); if ((*out_len = parse_subtree(tp->child_list, ++input, output, out_len)) == 0) return (0); --- 620,627 ----- if (*input != '.') return (1); + if (tp) + tp = tp->child_list; if ((*out_len = parse_subtree(tp, ++input, output, out_len)) == 0) return (0); *************** *** 621,627 if (*input != '.') return (1); if ((*out_len = ! parse_subtree(tp->child_list, ++input, output, out_len)) == 0) return (0); return (++*out_len); } --- 623,629 ----- if (tp) tp = tp->child_list; if ((*out_len = ! parse_subtree(tp, ++input, output, out_len)) == 0) return (0); return (++*out_len); }
=====================================================================
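Review bot: the guard `if (tp) tp = tp->child_list;` stops the NULL dereference at this line, but when the lookup of "10" fails the very next call still passes `tp == NULL` into parse_subtree(), so the fix is only complete if parse_subtree() accepts a NULL subtree and reads the remaining components ("10.0.0.51") as plain numeric sub-identifiers; please confirm that path exists rather than relying on the crash merely moving one frame deeper. Separately, the two hunks cover overlapping line ranges (620,625 and 621,627 on the old side) and the second shows the `if (tp) tp = tp->child_list;` lines as unchanged context, so the diff appears to have been taken against a partially edited working copy; a single rcsdiff against revision 1.2 would apply cleanly with patch(1).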
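The failure mode described in the post, as an added illustration in C that is not from the CMU sources: a toy dotted-name parser over a small MIB fragment (hypothetical `struct node` and `parse_oid()`, with the RFC 1213 sub-identifiers of the ip route table) that falls back to numeric parsing once a component such as "10" is not found in the current subtree, instead of dereferencing a NULL subtree pointer as the original parse_subtree() did.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical MIB node for this example; CMU's own "struct tree" is not reproduced. */
struct node {
    const char *label;
    unsigned long subid;
    const struct node *children;   /* NULL for a leaf; array ends with label == NULL */
};

/* Fragment of RFC 1213 rooted at "ip" (mib-2.4); the prefix above it is omitted. */
static const struct node n_entry[] = {{"ipRouteNextHop", 7, NULL}, {NULL, 0, NULL}};
static const struct node n_table[] = {{"ipRouteEntry", 1, n_entry}, {NULL, 0, NULL}};
static const struct node n_ip[]    = {{"ipRoutingTable", 21, n_table}, {NULL, 0, NULL}};
static const struct node mib_root[] = {{"ip", 4, n_ip}, {NULL, 0, NULL}};

/* Turns "a.b.c.10.0.0.51" into sub-identifiers. Returns the count, or -1 on a
 * malformed name or too many components. Unlike the buggy parse_subtree(), a
 * component that is not in the current subtree never dereferences tp. */
int parse_oid(const struct node *tp, const char *in, unsigned long *out, int max)
{
    int n = 0;
    while (*in) {
        char comp[64], *end;
        size_t len = strcspn(in, ".");
        if (len == 0 || len >= sizeof comp || n == max)
            return -1;
        memcpy(comp, in, len);
        comp[len] = '\0';
        in += len + (in[len] == '.');          /* skip the separating dot, if any */
        const struct node *hit = NULL;
        for (const struct node *c = tp; c && c->label; c++)   /* tp may be NULL here */
            if (strcmp(c->label, comp) == 0) { hit = c; break; }
        if (hit) {
            out[n++] = hit->subid;
            tp = hit->children;    /* NULL once a leaf such as ipRouteNextHop is reached */
            continue;
        }
        /* Unknown label: accept a plain decimal index ("10.0.0.51"), nothing else. */
        if (!isdigit((unsigned char)comp[0]))
            return -1;
        out[n++] = strtoul(comp, &end, 10);
        if (*end != '\0')
            return -1;
        tp = NULL;                 /* past the MIB, the rest must be numeric */
    }
    return n;
}
```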