[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [bug #52911] SNMPv3 time window check is not the same as RF
From: |
xuguizhou |
Subject: |
[lwip-devel] [bug #52911] SNMPv3 time window check is not the same as RFC3414 |
Date: |
Tue, 16 Jan 2018 07:12:22 -0500 (EST) |
User-agent: |
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 |
URL:
<http://savannah.nongnu.org/bugs/?52911>
Summary: SNMPv3 time window check is not the same as RFC3414
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: xuguizhou
Submitted on: Tue 16 Jan 2018 12:12:20 PM UTC
Category: None
Severity: 3 - Normal
Item Group: Change Request
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
lwIP version: 2.0.3
_______________________________________________________
Details:
In RFC3414 PAGE 27
7) If the securityLevel indicates an authenticated message, then the
local values of snmpEngineBoots, snmpEngineTime and
latestReceivedEngineTime corresponding to the value of the
msgAuthoritativeEngineID field are extracted from the Local
Configuration Datastore.
a) If the extracted value of msgAuthoritativeEngineID is the same
as the value of snmpEngineID of the processing SNMP engine
(meaning this is the authoritative SNMP engine), then if any
of the following conditions is true, then the message is
considered to be outside of the Time Window:
- the local value of snmpEngineBoots is 2147483647;
- the value of the msgAuthoritativeEngineBoots field differs
from the local value of snmpEngineBoots; or,
- the value of the msgAuthoritativeEngineTime field differs
from the local notion of snmpEngineTime by more than +/- 150
seconds.
The time window should be +/- 150 seconds by local notion of snmpEngineTime.
So the msg_authoritative_engine_time check should be as follow:
snmp_msg.c
1050: if (request->msg_authoritative_engine_time > (time + 150))
Or see attach picture.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Tue 16 Jan 2018 12:12:20 PM UTC Name: 1516104422.jpg Size: 22KiB By:
xuguizhou
<http://savannah.nongnu.org/bugs/download.php?file_id=42924>
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?52911>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
- [lwip-devel] [bug #52911] SNMPv3 time window check is not the same as RFC3414,
xuguizhou <=