Fixes for undefined behavior in the snmp decoder #1345

Open
wants to merge 2 commits into
base: master
@fenner fenner commented Jul 22, 2025

These changes fix undefined behavior in the snmp decoder when the underlying representation is of a value larger than 32 bits. The decoder fundamentally doesn't support these values, and the original behavior is GIGO. We retain the same GIGO behavior, but avoid undefined behavior.

Fixes #1054

fenner added 2 commits July 21, 2025 17:43
Instead of shifting bits off the top of the 32-bit value,
we mask off the top 8 bits before shifting them away, and
restore the sign bit at the end.  This still results in
a result that is not what was intended, as this code can
not handle values greater than 2^31-1 or smaller than
-2^31, but this new mechanism results in a "more correct"
garbage out, with no undefined behavior.

When decoding an OID, and shifting left by 7, mask off the top
7 bits first. This still results in GIGO, but avoids undefined
behavior on the way there. OIDs with values this large are not
supported by this code.
@fxlb fxlb requested a review from guyharris July 24, 2025 14:01
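
The two commit messages above describe masking bits off before a left shift so that over-wide SNMP values decode to garbage without undefined behavior. The following is an added illustration of that idea, not the code from this pull request or from tcpdump: the function names `ber_int32` and `oid_subid` are hypothetical, the accumulation is done in `uint32_t` (an assumption of this sketch), and it goes one step further than the commits by reporting when the value did not fit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* BER INTEGER contents (big-endian two's complement) -> low 32 bits.
 * *truncated is set when the encoding is wider than 32 bits, i.e. the
 * returned value is garbage. Accumulating in uint32_t keeps every shift
 * defined; the mask spells out which bits are dropped. */
static int32_t ber_int32(const uint8_t *p, size_t len, int *truncated)
{
    uint32_t acc = (len > 0 && (p[0] & 0x80)) ? 0xFFFFFFFFu : 0u; /* sign-extend */

    *truncated = len > 4;
    for (size_t i = 0; i < len; i++)
        acc = ((acc & 0x00FFFFFFu) << 8) | p[i];
    /* Map back to signed without an out-of-range conversion. */
    if (acc <= (uint32_t)INT32_MAX)
        return (int32_t)acc;
    return (int32_t)(acc - 0x80000000u) + INT32_MIN;
}

/* One base-128 OID subidentifier. Returns bytes consumed, or 0 if the
 * input ends before the terminating byte (high bit clear). */
static size_t oid_subid(const uint8_t *p, size_t len, uint32_t *out, int *truncated)
{
    uint32_t o = 0;

    *truncated = 0;
    for (size_t i = 0; i < len; i++) {
        if (o >> 25)                 /* top 7 bits are about to be lost */
            *truncated = 1;
        o = ((o & 0x01FFFFFFu) << 7) | (p[i] & 0x7Fu);
        if (!(p[i] & 0x80)) {
            *out = o;
            return i + 1;
        }
    }
    return 0;
}

int main(void)
{
    const uint8_t wide[] = {0x01, 0x00, 0x00, 0x00, 0x00}; /* constructed: 2^32 */
    int t;
    int32_t v = ber_int32(wide, sizeof wide, &t);
    printf("value=%d truncated=%d\n", (int)v, t);
    return 0;
}
```

Building a decoder like this with `-fsanitize=undefined` and feeding it over-wide encodings is a quick way to confirm that no shift is reported.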
Successfully merging this pull request may close these issues.

UBSan violations in print-pflog.c and print-snmp.c