Skip to content

unmarshal: fix panic from reading beyond slice #441

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 28, 2023
Merged

unmarshal: fix panic from reading beyond slice #441

merged 3 commits into from
Aug 28, 2023

Conversation

n3integration
Copy link
Contributor

Resolves #440

Expand the bounds check of the packet bytes to prevent reading beyond the available number of bytes

@SuperQ
Copy link
Contributor

SuperQ commented Aug 9, 2023

Would you mind adding the example problem slice as a new unit test?

@n3integration
unmarshal: fix panic from reading beyond slice
238b9fa 
Signed-off-by: n3integration <n3integration@users.noreply.github.com>
@n3integration
tests: supporting unmarshalHeader panic test
da54c36 
Signed-off-by: n3integration <n3integration@users.noreply.github.com>
@n3integration
tests: remove unused test func
2913211 
Signed-off-by: n3integration <n3integration@users.noreply.github.com>
SuperQ
SuperQ approved these changes Aug 10, 2023
View reviewed changes
Copy link
Contributor

@SuperQ SuperQ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, thanks!

@SuperQ SuperQ requested a review from TimRots August 10, 2023 07:09
@n3integration
Copy link
Contributor Author

Hey @SuperQ + @TimRots 👋 - thanks for reviewing the PR! Is anything else pending that I need to look into or update before being approved+merged?

TimRots
TimRots approved these changes Aug 28, 2023
View reviewed changes
Copy link
Member

@TimRots TimRots left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for late approve, was sick last weeks.

@SuperQ
Copy link
Contributor

SuperQ commented Aug 28, 2023

No worries, hope you're feeling better.

@SuperQ SuperQ merged commit 7c9f0bf into gosnmp:master Aug 28, 2023
SuperQ added a commit that referenced this pull request Aug 28, 2023
@SuperQ
Release v1.36.0
58eaadd 
This release now requires Go 1.20 or higher.

* [ENHANCEMENT] Allow sending v1 traps that have no varbinds #426
* [BUGFIX] Fix getBulk SnmpPacket MaxRepetitions value #413
* [BUGFIX] Refactor security logger #422
* [BUGFIX] Add privacy passphrase in extendKeyBlumenthal cacheKey call #425
* [BUGFIX] unmarshal: fix panic from reading beyond slice #441

Signed-off-by: SuperQ <superq@gmail.com>
@SuperQ SuperQ mentioned this pull request Aug 28, 2023
Merged
@n3integration n3integration deleted the bug/snmp-unmarshal-extra-bounds-check branch September 1, 2023 18:43
vma pushed a commit to sipsolutions/gosnmp that referenced this pull request May 6, 2025
@SuperQ @vma
Release v1.36.0
22918b7 
This release now requires Go 1.20 or higher.

* [ENHANCEMENT] Allow sending v1 traps that have no varbinds gosnmp#426
* [BUGFIX] Fix getBulk SnmpPacket MaxRepetitions value gosnmp#413
* [BUGFIX] Refactor security logger gosnmp#422
* [BUGFIX] Add privacy passphrase in extendKeyBlumenthal cacheKey call gosnmp#425
* [BUGFIX] unmarshal: fix panic from reading beyond slice gosnmp#441

Signed-off-by: SuperQ <superq@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SuperQ SuperQ SuperQ approved these changes

@TimRots TimRots TimRots approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Panic in unmarshalV3Header
3 participants
@n3integration @SuperQ @TimRots