[ECOS] Re: SNMP lockup

Grant Edwards grante@visi.com
Fri May 8 22:05:00 GMT 2009


>> It appears that in mibgroup/mibII/interfaces.c, the call to 
>>
>>   cyg_snmp_get_if(if_num)
>>
>> with if_num==0 never returns.
>
>     struct ifnet *cyg_snmp_get_if(int if_num) {
>       int index = 0;
>       struct ifnet *ifp;
>       
>       do {
>         while(0 == ifnet_addrs[index])
>           index++;
>     
>         ifp = ifnet_addrs[index]->ifa_ifp;
>         
>         if_num--;       
>         index++;
>       } while (if_num);
>     
>       return ifp;
>     }
>
> If the above code is called with if_num==0, won't it decrement
> it to -1, and then loop 2^32 times before giving up?

It also mis-handles negative values in a similar manner.

Adding a check seems to fix things:

    struct ifnet *cyg_snmp_get_if(int if_num) {
      int index = 0;
      struct ifnet *ifp;
    
      if (if_num <= 0)
        return NULL;
      
      do {

    [...]      

It should also probably check to make sure index doesn't go off
the end of if_addrs[] when large positive numbers are passed.
Perhaps something like this:

struct ifnet *cyg_snmp_get_if(int if_num)
  {
    int index = 0;
    struct ifnet *ifp;

    if (if_num == 0)
      return NULL;

    do
      {
        /* Test the bound first so ifnet_addrs[] is never read past its end */
        while (index < if_index && 0 == ifnet_addrs[index])
          index++;

        if (index >= if_index)
          return NULL;

        ifp = ifnet_addrs[index]->ifa_ifp;

        if_num--;
        index++;
      }
    while (if_num);

    return ifp;
  }



-- 
Grant Edwards                   grante             Yow! over in west
                                  at               Philadelphia a puppy is
                               visi.com            vomiting ...
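
Added example (not part of the original message and not eCos source): the same lookup written as a single bounded loop, so that zero, negative and too-large values of if_num all return NULL without running past the table. The struct definitions, the sample table and the name get_if_checked are assumptions made so the block runs on its own.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the BSD stack types; only the fields the lookup touches. */
struct ifnet  { const char *if_name; };
struct ifaddr { struct ifnet *ifa_ifp; };

/* Constructed sample data: two interfaces with an empty slot between them. */
static struct ifnet  lo0 = { "lo0" }, eth0 = { "eth0" };
static struct ifaddr lo0_addr = { &lo0 }, eth0_addr = { &eth0 };
static struct ifaddr *ifnet_addrs[] = { &lo0_addr, NULL, &eth0_addr, NULL };
static int if_index = 4;   /* number of slots in ifnet_addrs[] */

/* Hypothetical name. Returns the if_num-th (1-based) populated entry,
 * or NULL when if_num is out of range in either direction. */
struct ifnet *get_if_checked(int if_num)
{
    int index;

    if (if_num <= 0)            /* 0 and negatives never match an interface */
        return NULL;

    for (index = 0; index < if_index; index++) {
        if (ifnet_addrs[index] == NULL)   /* skip unused slots */
            continue;
        if (--if_num == 0)
            return ifnet_addrs[index]->ifa_ifp;
    }
    return NULL;                /* fewer than if_num interfaces exist */
}

int main(void)
{
    int probes[] = { -1, 0, 1, 2, 3, 0x7fffffff };
    size_t i;

    for (i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        struct ifnet *ifp = get_if_checked(probes[i]);
        printf("if_num=%d -> %s\n", probes[i], ifp ? ifp->if_name : "NULL");
    }
    return 0;
}
```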

