diff --git a/CHANGES.txt b/CHANGES.txt index 5b673a58..9b03a69e 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -36,6 +36,8 @@ Revision 4.4.5, released 2018-07-XX - Fixed possible infinite loop in GETBULK response PDU builder - Fixed memory leak in the `config.delContext()` VACM management harness - Fixed `Bits` class initialization when enumeration values are given +- Fixed crash caused by incoming SNMPv3 message requesting SNMPv1/v2c + security model Revision 4.4.4, released 2018-01-03 ----------------------------------- diff --git a/pysnmp/proto/mpmod/rfc2576.py b/pysnmp/proto/mpmod/rfc2576.py index 93ded6da..717110d3 100644 --- a/pysnmp/proto/mpmod/rfc2576.py +++ b/pysnmp/proto/mpmod/rfc2576.py @@ -271,7 +271,7 @@ class SnmpV1MessageProcessingModel(AbstractMessageProcessingModel): try: try: - smHandler = snmpEngine.securityModels[int(securityModel)] + smHandler = snmpEngine.securityModels[securityModel] except KeyError: raise error.StatusInformation( diff --git a/pysnmp/proto/mpmod/rfc3412.py b/pysnmp/proto/mpmod/rfc3412.py index 5f9268a5..58f3acc0 100644 --- a/pysnmp/proto/mpmod/rfc3412.py +++ b/pysnmp/proto/mpmod/rfc3412.py @@ -40,8 +40,11 @@ class HeaderData(univ.Sequence): namedtype.NamedType('msgMaxSize', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(484, 2147483647))), namedtype.NamedType('msgFlags', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 1))), + # NOTE (etingof): constrain SNMPv3 message to only USM+ security models + # because SNMPv1/v2c seems incompatible in pysnmp implementation, not sure + # if it's intended by the SNMP standard at all... namedtype.NamedType('msgSecurityModel', - univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 2147483647))) + univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(3, 2147483647))) )