/*****************************************************/
/* Now localize the key with the engineID and pass */
/* through MD5 to produce final key */
- /* May want to ensure that engineLength <= 32, */
- /* otherwise need to use a buffer larger than 64 */
+ /* We ignore invalid engineLengths here. More strict */
+ /* checking is done in snmp_users_update_cb. */
/*****************************************************/
md5_init(&MD);
guint8 *key)
{
sha1_context SH;
- guint8 *cp, password_buf[72];
+ guint8 *cp, password_buf[64];
guint32 password_index = 0;
guint32 count = 0, i;
/*****************************************************/
/* Now localize the key with the engineID and pass */
/* through SHA to produce final key */
- /* May want to ensure that engineLength <= 32, */
- /* otherwise need to use a buffer larger than 72 */
+ /* We ignore invalid engineLengths here. More strict */
+ /* checking is done in snmp_users_update_cb. */
/*****************************************************/
- memcpy(password_buf, key, 20);
- memcpy(password_buf+20, engineID, engineLength);
- memcpy(password_buf+20+engineLength, key, 20);
sha1_starts(&SH);
- sha1_update(&SH, password_buf, 40+engineLength);
+ sha1_update(&SH, key, 20);
+ sha1_update(&SH, engineID, engineLength);
+ sha1_update(&SH, key, 20);
sha1_finish(&SH, key);
return;
}
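Review bot: The replacement comment says invalid engineLengths are ignored here but does not say why that is now safe, which is what a later reader needs to know. With the three `sha1_update` calls the engine ID is hashed straight from the caller's buffer and no longer copied into `password_buf`, so its length no longer bounds a stack write. I would word the comment as `/* engineID is hashed in place, so engineLength cannot overflow a local buffer; range checking is done in snmp_users_update_cb. */`. The literal `20` appears three times and would read better as a named SHA-1 digest-length constant. The function starts above this hunk, and the same comment recurs in the MD5 hunk and in the duplicated copy of this function further down.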
for (i=0; i<num_ueas-1; i++) {
snmp_ue_assoc_t* u = &(ueas[i]);
+ /* RFC 3411 section 5 */
+ if (u->engine.len < 5 || u->engine.len > 32) {
+ g_string_append_printf(es, "Invalid engineId length (%u). Must be between 5 and 32 (10 and 64 hex digits)\n", u->engine.len);
+ }
+
if ( u->user.userName.len == ue->user.userName.len
&& u->engine.len == ue->engine.len ) {
if (u->engine.len > 0 && memcmp( u->engine.data, ue->engine.data, u->engine.len ) == 0) {
if ( memcmp( u->user.userName.data, ue->user.userName.data, ue->user.userName.len ) == 0 ) {
/* XXX: make a string for the engineId */
- g_string_append_printf(es,"duplicate key (userName='%s')\n",ue->user.userName.data);
+ g_string_append_printf(es,"Duplicate key (userName='%s')\n",ue->user.userName.data);
}
}
if (u->engine.len == 0) {
if ( memcmp( u->user.userName.data, ue->user.userName.data, ue->user.userName.len ) == 0 ) {
- g_string_append_printf(es,"duplicate key (userName='%s' engineId=NONE)\n",ue->user.userName.data);
+ g_string_append_printf(es,"Duplicate key (userName='%s' engineId=NONE)\n",ue->user.userName.data);
}
}
}
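Review bot: The new length check at the top of the loop rejects `u->engine.len == 0`, yet the branch below (`if (u->engine.len == 0)`, reported as engineId=NONE) treats an empty engine ID as a legitimate entry, so a user configured without an engine ID would now get "Invalid engineId length (0)". If an empty engine ID is meant to stay allowed, guard the check: `if (u->engine.len > 0 && (u->engine.len < 5 || u->engine.len > 32)) {`. The check also reads `u` (entries below `num_ueas-1`) rather than `ue`, so it looks as if the record being edited is only validated when it is one of those, and the message is appended once per offending entry; confirm against the part of snmp_users_update_cb outside this hunk. The same loop appears again in the duplicated hunk further down.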
/*****************************************************/
/* Now localize the key with the engineID and pass */
/* through MD5 to produce final key */
- /* May want to ensure that engineLength <= 32, */
- /* otherwise need to use a buffer larger than 64 */
+ /* We ignore invalid engineLengths here. More strict */
+ /* checking is done in snmp_users_update_cb. */
/*****************************************************/
md5_init(&MD);
guint8 *key)
{
sha1_context SH;
- guint8 *cp, password_buf[72];
+ guint8 *cp, password_buf[64];
guint32 password_index = 0;
guint32 count = 0, i;
/*****************************************************/
/* Now localize the key with the engineID and pass */
/* through SHA to produce final key */
- /* May want to ensure that engineLength <= 32, */
- /* otherwise need to use a buffer larger than 72 */
+ /* We ignore invalid engineLengths here. More strict */
+ /* checking is done in snmp_users_update_cb. */
/*****************************************************/
- memcpy(password_buf, key, 20);
- memcpy(password_buf+20, engineID, engineLength);
- memcpy(password_buf+20+engineLength, key, 20);
sha1_starts(&SH);
- sha1_update(&SH, password_buf, 40+engineLength);
+ sha1_update(&SH, key, 20);
+ sha1_update(&SH, engineID, engineLength);
+ sha1_update(&SH, key, 20);
sha1_finish(&SH, key);
return;
}
for (i=0; i<num_ueas-1; i++) {
snmp_ue_assoc_t* u = &(ueas[i]);
+ /* RFC 3411 section 5 */
+ if (u->engine.len < 5 || u->engine.len > 32) {
+ g_string_append_printf(es, "Invalid engineId length (%u). Must be between 5 and 32 (10 and 64 hex digits)\n", u->engine.len);
+ }
+
if ( u->user.userName.len == ue->user.userName.len
&& u->engine.len == ue->engine.len ) {
if (u->engine.len > 0 && memcmp( u->engine.data, ue->engine.data, u->engine.len ) == 0) {
if ( memcmp( u->user.userName.data, ue->user.userName.data, ue->user.userName.len ) == 0 ) {
/* XXX: make a string for the engineId */
- g_string_append_printf(es,"duplicate key (userName='%s')\n",ue->user.userName.data);
+ g_string_append_printf(es,"Duplicate key (userName='%s')\n",ue->user.userName.data);
}
}
if (u->engine.len == 0) {
if ( memcmp( u->user.userName.data, ue->user.userName.data, ue->user.userName.len ) == 0 ) {
- g_string_append_printf(es,"duplicate key (userName='%s' engineId=NONE)\n",ue->user.userName.data);
+ g_string_append_printf(es,"Duplicate key (userName='%s' engineId=NONE)\n",ue->user.userName.data);
}
}
}
NULL, HFILL }},
/*--- End of included file: packet-snmp-hfarr.c ---*/
-#line 2133 "packet-snmp-template.c"
+#line 2137 "packet-snmp-template.c"
};
/* List of subtrees */
&ett_snmp_RReqPDU_U,
/*--- End of included file: packet-snmp-ettarr.c ---*/
-#line 2149 "packet-snmp-template.c"
+#line 2153 "packet-snmp-template.c"
};
module_t *snmp_module;