[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #60717] SNMPv3: Signed integer overflow after 68 years

From: Tim Schendekehl
Subject: [lwip-devel] [bug #60717] SNMPv3: Signed integer overflow after 68 years
Date: Tue, 1 Jun 2021 05:46:18 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0


                 Summary: SNMPv3: Signed integer overflow after 68 years
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: timschendekehl
            Submitted on: Tue 01 Jun 2021 09:46:16 AM UTC
                Category: apps
                Severity: 3 - Normal
              Item Group: Faulty Behaviour
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None
            lwIP version: git head



Function snmp_parse_inbound_frame in file src/apps/snmp/snmp_msg.c contains a
check for the engine time:
  if (request->msg_authoritative_engine_time > (time + 150)) {

After SNMP_MAX_TIME_BOOT seconds (68 years) the engine time will be reset to
zero and the boot count will be increased. The last 150 seconds before that
happens, there will be a signed integer overflow and SNMP packets will be
rejected. Note that msg_authoritative_engine_time and time are signed 32-bit
integers. Of course it is unlikely, that a device is running for so long
without reboot.


Reply to this item at:


  Message sent via Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]