Floating point exception in AuthMD5
Jochen Katz
katz____agentpp.com
Fri Feb 21 20:17:53 CET 2003
Hi Alexander,
> It seems that AuthMD5::password_to_key (and probably
> the same applies to the privacy class) is not very robust with regard to
> use of empty password strings. Here is what I get under gdb if I try to
> add user with an empty authentication password:
>
> [...]
> I think a nicer way would have been to propagate error back to
> the user of add_usm_user(...) method, although the lack of checks in that
> function seems fair.
ok, the patch below will be in the next release (maybe I should add a
new error number).
Regards,
Jochen
--- auth_priv.cpp 12 Jan 2003 22:18:29 -0000 1.8
+++ auth_priv.cpp 21 Feb 2003 19:13:18 -0000
@@ -431,6 +431,12 @@
return SNMPv3_USM_OK;
}
+ if (!password || (password_len == 0))
+ {
+ debugprintf(0, "password_to_key_auth error: no password given.");
+ return SNMPv3_USM_ERROR;
+ }
+
Auth *a = get_auth(auth_prot);
if (!a)
@@ -458,6 +464,12 @@
{
*key_len = 0;
return SNMPv3_USM_OK;
+ }
+
+ if (!password || (password_len == 0))
+ {
+ debugprintf(0, "password_to_key_priv error: no password given.");
+ return SNMPv3_USM_ERROR;
}
Priv *p = get_priv(priv_prot);
More information about the AGENTPP
mailing list