From 6559ebe1ea84de7c7e5b98c85137f2a37f43b2e1 Mon Sep 17 00:00:00 2001 From: Ilya Etingof Date: Fri, 27 Jul 2018 10:20:27 +0200 Subject: [PATCH] Fix out-of-scope OID leak in hlapi table Fixed out-of-scope OIDs possibly leaking at the end of SNMP table at hlapi `nextCmd` and `bulkCmd` calls when `lexicographicMode = False`. --- CHANGES.txt | 2 ++ pysnmp/hlapi/asyncore/sync/cmdgen.py | 40 +++++++++++++++++++++------- 2 files changed, 32 insertions(+), 10 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index 9b03a69e..9e640262 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -38,6 +38,8 @@ Revision 4.4.5, released 2018-07-XX - Fixed `Bits` class initialization when enumeration values are given - Fixed crash caused by incoming SNMPv3 message requesting SNMPv1/v2c security model +- Fixed out-of-scope OIDs leaking at the end of SNMP table at hlapi + `nextCmd` and `bulkCmd` calls when `lexicographicMode = False` Revision 4.4.4, released 2018-01-03 ----------------------------------- diff --git a/pysnmp/hlapi/asyncore/sync/cmdgen.py b/pysnmp/hlapi/asyncore/sync/cmdgen.py index fb0723f4..3868ac66 100644 --- a/pysnmp/hlapi/asyncore/sync/cmdgen.py +++ b/pysnmp/hlapi/asyncore/sync/cmdgen.py @@ -351,6 +351,8 @@ def nextCmd(snmpEngine, authData, transportTarget, contextData, totalRows = totalCalls = 0 while True: + previousVarBinds = varBinds + if varBinds: cmdgen.nextCmd(snmpEngine, authData, transportTarget, contextData, *[(x[0], Null('')) for x in varBinds], 
@@ -378,13 +380,22 @@ def nextCmd(snmpEngine, authData, transportTarget, contextData, yield (errorIndication, errorStatus, errorIndex, varBinds) return else: + stopFlag = True + varBinds = cbCtx['varBindTable'] and cbCtx['varBindTable'][0] - for idx, varBind in enumerate(varBinds): + + for col, varBind in enumerate(varBinds): name, val = varBind - if not isinstance(val, Null): - if lexicographicMode or initialVars[idx].isPrefixOf(name): - break - else: + if isinstance(val, Null): + varBinds[col] = previousVarBinds[col][0], endOfMibView + + if not lexicographicMode and not initialVars[col].isPrefixOf(name): + varBinds[col] = previousVarBinds[col][0], endOfMibView + + if stopFlag and varBinds[col][1] is not endOfMibView: + stopFlag = False + + if stopFlag: return totalRows += 1 @@ -545,6 +556,8 @@ def bulkCmd(snmpEngine, authData, transportTarget, contextData, if maxRows and totalRows < maxRows: maxRepetitions = min(maxRepetitions, maxRows - totalRows) + previousVarBinds = varBinds + cmdgen.bulkCmd(snmpEngine, authData, transportTarget, contextData, nonRepeaters, maxRepetitions, *[(x[0], Null('')) for x in varBinds], @@ -583,14 +596,17 @@ def bulkCmd(snmpEngine, authData, transportTarget, contextData, break for col in range(len(varBindTable[row])): name, val = varBindTable[row][col] + if row: + previousVarBinds = varBindTable[row - 1] if nullVarBinds[col]: - varBindTable[row][col] = name, endOfMibView + varBindTable[row][col] = previousVarBinds[col][0], endOfMibView continue stopFlag = False if isinstance(val, Null): + varBindTable[row][col] = previousVarBinds[col][0], endOfMibView nullVarBinds[col] = True - elif not lexicographicMode and not initialVars[col].isPrefixOf(name): - varBindTable[row][col] = name, endOfMibView + if not lexicographicMode and not initialVars[col].isPrefixOf(name): + varBindTable[row][col] = previousVarBinds[col][0], endOfMibView nullVarBinds[col] = True if stopFlag: varBindTable = row and varBindTable[:row - 1] or [] 
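Review bot: In the rewritten `for col, varBind in enumerate(varBinds)` loop of `nextCmd`, `previousVarBinds[col]` and `initialVars[col]` are indexed by the number of var-binds in the agent's response, and nothing visible in this hunk checks that the response row is as long as the request. If the lower layer does not already enforce that, a response carrying extra var-binds from a faulty or untrusted agent would raise `IndexError` inside the generator instead of ending the walk cleanly. A guard before the loop, such as `if len(varBinds) != len(initialVars): return`, would make the handling explicit. The two substitution branches assign the same value, so they could be one test: `if isinstance(val, Null) or not (lexicographicMode or initialVars[col].isPrefixOf(name)):`. The body of `nextCmd` starts and ends outside the hunk.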
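Review bot: `if row: previousVarBinds = varBindTable[row - 1]` sits inside the `for col` loop of `bulkCmd` although it depends only on `row`, so it is re-evaluated for every column; placing it directly above the column loop states it once. The substitution presumably relies on earlier rows having already been rewritten in place, which is worth a comment such as `# rows before this one are already sanitized, so [col][0] is the last in-scope OID`. With `elif` changed to `if`, a Null value whose name is also out of scope now takes both branches and is assigned twice with the same result; a single combined condition would avoid that. The enclosing loop over `row` starts outside the hunk.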
@@ -607,9 +623,13 @@ def bulkCmd(snmpEngine, authData, transportTarget, contextData, if maxCalls and totalCalls >= maxCalls: stopFlag = True - for varBinds in varBindTable: - initialVarBinds = (yield errorIndication, errorStatus, errorIndex, varBinds) + varBinds = varBindTable and varBindTable[-1] or [] + + for varBindRow in varBindTable: + initialVarBinds = (yield errorIndication, errorStatus, errorIndex, varBindRow) if initialVarBinds: varBinds = initialVarBinds initialVars = [x[0] for x in vbProcessor.makeVarBinds(snmpEngine, varBinds)] + nullVarBinds = [False] * len(initialVars) +
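Review bot: `varBinds = varBindTable and varBindTable[-1] or []` leaves `varBinds` empty whenever the table is empty, and the next request is built from it by `*[(x[0], Null('')) for x in varBinds]` in the earlier `bulkCmd` hunk. Unless code outside this hunk has already set `stopFlag` for that case, an agent that answers with an empty table would make the loop go on sending requests that carry no var-binds. Setting `stopFlag = True` when `varBindTable` is empty would bound that. The `and`/`or` idiom would also read more plainly as `varBinds = varBindTable[-1] if varBindTable else []`. The surrounding loop starts outside the hunk.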