unchanged: --- net-snmp/man/snmpd.conf.5.def (revision 16340) +++ net-snmp/man/snmpd.conf.5.def (revision 16341) @@ -71,6 +71,28 @@ .IP "leave_pidfile yes" instructs the agent to not remove its pid file on shutdown. Equivalent to specifying "-U" on the command line. +.IP "maxGetbulkRepeats NUM" +Sets the maximum number of responses allowed for a single variable in +a getbulk request. Set to 0 to enable the default and set it to -1 to +enable unlimited. Because memory is allocated ahead of time, sitting +this to unlimited is not considered safe if your user population can +not be trusted. A repeat number greater than this will be truncated +to this value. +.IP +This is set by default to -1. +.IP "maxGetbulkResponses NUM" +Sets the maximum number of responses allowed for a getbulk request. +This is set by default to 100. Set to 0 to enable the default and set +it to -1 to enable unlimited. Because memory is allocated ahead of +time, sitting this to unlimited is not considered safe if your user +population can not be trusted. +.IP +In general, the total number of responses will not be allowed to +exceed the maxGetbulkResponses number and the total number returned +will be an integer multiple of the number of variables requested times +the calculated number of repeats allow to fit below this number. +.IP +Also not that processing of maxGetbulkRepeats is handled first. .SS SNMPv3 Configuration SNMPv3 requires an SNMP agent to define a unique "engine ID" in order to respond to SNMPv3 requests. unchanged: --- net-snmp/include/net-snmp/agent/ds_agent.h (revision 16340) +++ net-snmp/include/net-snmp/agent/ds_agent.h (revision 16341) @@ -51,5 +51,7 @@ #define NETSNMP_DS_AGENT_CACHE_TIMEOUT 10 /* default cache timeout */ #define NETSNMP_DS_AGENT_INTERNAL_VERSION 11 /* used by internal queries */ #define NETSNMP_DS_AGENT_INTERNAL_SECLEVEL 12 /* used by internal queries */ +#define NETSNMP_DS_AGENT_MAX_GETBULKREPEATS 13 /* max getbulk repeats */ +#define NETSNMP_DS_AGENT_MAX_GETBULKRESPONSES 14 /* max getbulk respones */ #endif unchanged: --- net-snmp/agent/agent_read_config.c (revision 16340) +++ net-snmp/agent/agent_read_config.c (revision 16341) @@ -255,6 +255,12 @@ netsnmp_ds_register_config(ASN_BOOLEAN, app, "leave_pidfile", NETSNMP_DS_APPLICATION_ID, NETSNMP_DS_AGENT_LEAVE_PIDFILE); + netsnmp_ds_register_config(ASN_INTEGER, app, "maxGetbulkRepeats", + NETSNMP_DS_APPLICATION_ID, + NETSNMP_DS_AGENT_MAX_GETBULKREPEATS); + netsnmp_ds_register_config(ASN_INTEGER, app, "maxGetbulkResponses", + NETSNMP_DS_APPLICATION_ID, + NETSNMP_DS_AGENT_MAX_GETBULKRESPONSES); netsnmp_init_handler_conf(); #include "agent_module_dot_conf.h" diff -u net-snmp/agent/snmp_agent.c branches/V5-3-patches/net-snmp/agent/snmp_agent.c --- net-snmp/agent/snmp_agent.c (revision 16341) +++ net-snmp/agent/snmp_agent.c (revision 16344) @@ -2147,7 +2147,6 @@ * getbulk prep */ int count = count_varbinds(asp->pdu->variables); - if (asp->pdu->errstat < 0) { asp->pdu->errstat = 0; } @@ -2164,8 +2163,37 @@ r = 0; asp->bulkcache = NULL; } else { + int numresponses; + int maxbulk = + netsnmp_ds_get_int(NETSNMP_DS_APPLICATION_ID, + NETSNMP_DS_AGENT_MAX_GETBULKREPEATS); + int maxresponses = + netsnmp_ds_get_int(NETSNMP_DS_APPLICATION_ID, + NETSNMP_DS_AGENT_MAX_GETBULKRESPONSES); + + if (maxresponses == 0) + maxresponses = 100; /* more than reasonable default */ + + if (maxbulk == 0) + maxbulk = -1; + + /* limit getbulk number of repeats to a configured size */ + if (asp->pdu->errindex > maxbulk && maxbulk != -1) { + asp->pdu->errindex = maxbulk; + } + + numresponses = asp->pdu->errindex * r; + + /* limit getbulk number of getbulk responses to a configured size */ + if (maxresponses != -1 && numresponses > maxresponses) { + /* attempt to truncate this */ + asp->pdu->errindex = maxresponses/r; + numresponses = asp->pdu->errindex * r; + DEBUGMSGTL(("snmp_agent", "truncating number of getbulk repeats to %d\n", asp->pdu->errindex)); + } + asp->bulkcache = - (netsnmp_variable_list **) malloc(asp->pdu->errindex * r * + (netsnmp_variable_list **) malloc(numresponses * sizeof(struct varbind_list *)); if (!asp->bulkcache) {