Skip to content

Value corruption for ASN_COUNTER64 #19

@arkhitekton

Description

@arkhitekton

net-snmp-0.2.5/lib/net/snmp/varbind.rb, in value()

when Constants::ASN_COUNTER64
  counter = Wrapper::Counter64.new(struct.val[:counter64])
  counter.high * 2^32 + counter.low

The caret operator in Ruby is the bitwise XOR operator.
Operator precedence for the operators in the above expression (high to low) is * + ^
If high and low were both 0, this evaluates as such:
(0 * 2) ^ (32 + 0) = 0 ^ 32 = 32

10000 XOR 00000 results in 10000 (32).

This is a pretty serious breach of integrity for high-capacity counters! Any user should patch your own copy of this library!

As you can see the result is not what was intended, which is to use an exponent operator. In Ruby, that's ** and it is higher in precedence than all but !, ~, and unary +.

Line 51 of varbind.rb (as of the current commit 490fa59) should read

  counter.high * 2**32 + counter.low

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions