[SNMP4J] Problems in DefaultTcpTransportMapping when receiving fragmented header

Bruno Filipe Basilio Bruno.Basilio at brisa.pt
Mon Jan 25 22:29:09 CET 2016 

> I have fixed this issue in the latest SNMP4J 2.4.2 snapshot release.
> Your fix, seemed to be not complete (it covers not all kind of fragmentations).
> So I developed a more general fix.

Thank you for your input.
I've tested your fix and hit some other issues, see details bellow.
Please check the following changes that seem to fix the issues in our tested scenario.

--- old/org/snmp4j/transport/DefaultTcpTransportMapping.java    2016-01-24 23:49:26.000000000 +0000
+++ new/org/snmp4j/transport/DefaultTcpTransportMapping.java    2016-01-25 20:26:28.671899400 +0000
@@ -524,14 +558,16 @@ public class DefaultTcpTransportMapping
     public MessageLength getMessageLength(ByteBuffer buf) throws IOException {
       MutableByte type = new MutableByte();
       BERInputStream is = new BERInputStream(buf);
-      int ml = BER.decodeHeader(is, type);
+      int ml = BER.decodeHeader(is, type, false);
       int hl = (int)is.getPosition();
       MessageLength messageLength = new MessageLength(hl, ml);
       return messageLength;
@@ -1199,14 +1241,17 @@ public class DefaultTcpTransportMapping

   private void addBufferToReadBuffer(SocketEntry entry, ByteBuffer byteBuffer) {
     int buflen = byteBuffer.position();
+    int buflimit = byteBuffer.limit();
     if (entry.getReadBuffer() != null) {
       entry.getReadBuffer().put(byteBuffer.array(), 0, buflen);
     }
     else {
-      byte[] message = new byte[byteBuffer.limit()];
+      byte[] message = new byte[byteBuffer.capacity()];
       byteBuffer.flip();
       byteBuffer.get(message, 0, buflen);
       ByteBuffer newBuffer = ByteBuffer.wrap(message);
+      newBuffer.limit(buflimit);
       newBuffer.position(buflen);
       entry.setReadBuffer(newBuffer);
     }

*Issue 1*:  Message length decoding in header fails when checking message length
Logs:
2016-01-25 09:42:38,324-0700 [DEBUG|DefaultTcpTransportMapping$ServerThread] (DefaultTcpTransportMapping.java:1034) Reading header 9 bytes from 172.26.50.120/4001
2016-01-25 09:42:38,402-0700 [DEBUG|DefaultTcpTransportMapping$ServerThread] (DefaultTcpTransportMapping.java:1001) Read 1 bytes from 172.26.50.120/4001
2016-01-25 09:42:38,402-0700 [WARN|DefaultTcpTransportMapping$ServerThread] (DefaultTcpTransportMapping.java:854) java.io.IOException: The encoded length 127 exceeds the number of bytes left in input at position 6 which actually is 10
2016-01-25 09:42:38,402-0700 [DEBUG|TcpTransportMapping] (TcpTransportMapping.java:133) Firing transport state event: org.snmp4j.transport.TransportStateEvent[source=org.snmp4j.transport.DefaultTcpTransportMapping at 14aa6c3,peerAddress=172.26.50.120/4001,newState=2,cancelled=false,causingException=java.io.IOException: The encoded length 127 exceeds the number of bytes left in input at position 6 which actually is 10]

*Issue 2*: Read buffer capacity definition fail after fixing issue 1
Logs:
2016-01-25 12:13:15,480-0700 [DEBUG|DefaultTcpTransportMapping$ServerThread] (DefaultTcpTransportMapping.java:1034) Reading header 1 bytes from 172.26.50.120/4001
2016-01-25 12:13:15,551-0700 [DEBUG|DefaultTcpTransportMapping$ServerThread] (DefaultTcpTransportMapping.java:1001) Read 9 bytes from 172.26.50.120/4001
2016-01-25 12:13:15,551-0700 [DEBUG|DefaultTcpTransportMapping$ServerThread] (DefaultTcpTransportMapping.java:1074) Message length is org.snmp4j.transport.MessageLength[headerLength=6,payloadLength=130]

std-out:
Exception in thread "DefaultTCPTransportMapping_10.170.0.12/0" java.lang.IllegalArgumentException
        at java.nio.Buffer.limit(Buffer.java:267)
        at org.snmp4j.transport.DefaultTcpTransportMapping$ServerThread.readSnmpMessagePayload(DefaultTcpTransportMapping.java:1092)
        at org.snmp4j.transport.DefaultTcpTransportMapping$ServerThread.readMessage(DefaultTcpTransportMapping.java:1011)
        at org.snmp4j.transport.DefaultTcpTransportMapping$ServerThread.run(DefaultTcpTransportMapping.java:838)
        at java.lang.Thread.run(Thread.java:724)

Best regards,
Bruno


Bruno Filipe Basílio
Departamento de Investigação, Desenvolvimento e Inovação

Tel: (+351) 214233436

http://www.brisainovacao.pt







--------------------------------------------------------------------------------

Declaração:
A informação contida nesta mensagem, e os ficheiros anexos, é privilegiada e confidencial, destinando-se exclusivamente ao(s) destinatário(s).Se não é o destinatário (ou o responsável pela sua entrega ao destinatário) e recebeu a mesma por engano, fica notificado que é estritamente proibido reproduzir, guardar ou distribuir toda ou qualquer parte desta mensagem e ficheiros anexos. Por favor reencaminhe a mensagem para o responsável pelo seu envio ou contacte-nos por telefone e elimine a mensagem e ficheiros anexos do seu computador, sem os reproduzir.

Disclaimer:
The information contained in this message, and any files attached, is privileged and confidential, and intended exclusively for the included addresses. If you are not the intended recipient (or the person responsible for delivering to the intended recipient) and received this message by mistake, be aware that copy, storage, distribution or any other use of all or part of this message and the files attached is strictly prohibited. Please notify the sender by reply e-mail or contact us by telephone and delete this message and the files attached, without retaining a copy.

--------------------------------------------------------------------------------

More information about the SNMP4J mailing list