[lwip-devel] [bug #60717] SNMPv3: Signed integer overflow after 68 years
From: Tim Schendekehl
Subject: [lwip-devel] [bug #60717] SNMPv3: Signed integer overflow after 68 years
Date: Tue, 1 Jun 2021 05:46:18 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0
URL:
<https://savannah.nongnu.org/bugs/?60717>
Summary: SNMPv3: Signed integer overflow after 68 years
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: timschendekehl
Submitted on: Tue 01 Jun 2021 09:46:16 AM UTC
Category: apps
Severity: 3 - Normal
Item Group: Faulty Behaviour
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
lwIP version: git head
_______________________________________________________
Details:
Function snmp_parse_inbound_frame in file src/apps/snmp/snmp_msg.c contains a
check for the engine time:

    if (request->msg_authoritative_engine_time > (time + 150)) {

After SNMP_MAX_TIME_BOOT seconds (68 years) the engine time will be reset to
zero and the boot count will be increased. In the last 150 seconds before that
happens, there will be a signed integer overflow and SNMP packets will be
rejected. Note that msg_authoritative_engine_time and time are signed 32-bit
integers. Of course it is unlikely that a device is running for so long
without reboot.
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/bugs/?60717>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/
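
The overflow described in the report, as an added example (not lwIP code and not part of the original message): it models the reported comparison with a wrapping 32-bit addition and counts how many in-sync requests are rejected just before rollover, next to a widened comparison that is one possible way to avoid the overflow. EXAMPLE_MAX_TIME and all function names are hypothetical; signed overflow is undefined behaviour in C, so the wrap shown is only the common two's-complement outcome.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: engine time counts seconds up to 2^31-1 (about 68 years),
   standing in for SNMP_MAX_TIME_BOOT, whose value the report does not give. */
#define EXAMPLE_MAX_TIME INT32_MAX
#define TIME_WINDOW 150

/* Two's-complement wrap of a + b, computed in 64 bits so the demo itself
   contains no undefined behaviour. */
static int32_t wrap_add_s32(int32_t a, int32_t b) {
    int64_t s = (int64_t)a + b;
    if (s > INT32_MAX) s -= 4294967296LL;
    if (s < INT32_MIN) s += 4294967296LL;
    return (int32_t)s;
}

/* Models the reported check on a target where the addition wraps. */
static int rejects_as_written(int32_t msg_time, int32_t local_time) {
    return msg_time > wrap_add_s32(local_time, TIME_WINDOW);
}

/* Hypothetical alternative: widen before adding so the sum cannot overflow. */
static int rejects_widened(int32_t msg_time, int32_t local_time) {
    return (int64_t)msg_time > (int64_t)local_time + TIME_WINDOW;
}

/* Counts in-sync requests (msg_time == local_time) rejected during the
   last 300 seconds before the engine time reaches EXAMPLE_MAX_TIME. */
static int count_false_rejections(int (*rejects)(int32_t, int32_t)) {
    int n = 0;
    for (int64_t t = (int64_t)EXAMPLE_MAX_TIME - 299; t <= EXAMPLE_MAX_TIME; t++) {
        if (rejects((int32_t)t, (int32_t)t)) n++;
    }
    return n;
}

int main(void) {
    printf("as written: %d in-sync requests rejected\n",
           count_false_rejections(rejects_as_written));
    printf("widened:    %d in-sync requests rejected\n",
           count_false_rejections(rejects_widened));
    return 0;
}
```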