--- tags/Ext-5-4-2-1/net-snmp/agent/snmp_agent.c 2008/10/30 22:58:47 17271
+++ tags/Ext-5-4-2-1/net-snmp/agent/snmp_agent.c 2008/10/31 15:16:51 17272
@@ -2170,7 +2170,6 @@
r = 0;
asp->bulkcache = NULL;
} else {
- int numresponses;
int maxbulk =
netsnmp_ds_get_int(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_MAX_GETBULKREPEATS);
@@ -2181,28 +2180,31 @@
if (maxresponses == 0)
maxresponses = 100; /* more than reasonable default */
- if (maxbulk == 0)
- maxbulk = -1;
+ /* ensure that the total number of responses fits in a mallocable
+ * result vector
+ */
+ if (maxresponses < 0 ||
+ maxresponses > INT_MAX / sizeof(struct varbind_list *))
+ maxresponses = INT_MAX / sizeof(struct varbind_list *);
+
+ /* ensure that the maximum number of repetitions will fit in the
+ * result vector
+ */
+ if (maxbulk <= 0 || maxbulk > maxresponses / r)
+ maxbulk = maxresponses / r;
/* limit getbulk number of repeats to a configured size */
- if (asp->pdu->errindex > maxbulk && maxbulk != -1) {
+ if (asp->pdu->errindex > maxbulk) {
asp->pdu->errindex = maxbulk;
- }
-
- numresponses = asp->pdu->errindex * r;
-
- /* limit getbulk number of getbulk responses to a configured size */
- if (maxresponses != -1 && numresponses > maxresponses) {
- /* attempt to truncate this */
- asp->pdu->errindex = maxresponses/r;
- numresponses = asp->pdu->errindex * r;
- DEBUGMSGTL(("snmp_agent", "truncating number of getbulk repeats to %d\n", asp->pdu->errindex));
+ DEBUGMSGTL(("snmp_agent",
+ "truncating number of getbulk repeats to %d\n",
+ asp->pdu->errindex));
}
asp->bulkcache =
- (netsnmp_variable_list **) malloc(numresponses *
- sizeof(struct
- varbind_list *));
+ (netsnmp_variable_list **) malloc(
+ asp->pdu->errindex * r * sizeof(struct varbind_list *));
+
if (!asp->bulkcache) {
DEBUGMSGTL(("snmp_agent", "Bulkcache malloc failed\n"));
return SNMP_ERR_GENERR;
