===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/snmp/snmp.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -c -r1.5 -r1.6
*** src/usr.bin/snmp/snmp.c 2019/09/18 09:52:47 1.5
--- src/usr.bin/snmp/snmp.c 2019/09/18 09:54:36 1.6
***************
*** 1,4 ****
! /* $OpenBSD: snmp.c,v 1.5 2019/09/18 09:52:47 martijn Exp $ */
/*
* Copyright (c) 2019 Martijn van Duren
--- 1,4 ----
! /* $OpenBSD: snmp.c,v 1.6 2019/09/18 09:54:36 martijn Exp $ */
/*
* Copyright (c) 2019 Martijn van Duren
***************
*** 359,365 ****
snmp_package(struct snmp_agent *agent, struct ber_element *pdu, size_t *len)
{
struct ber ber;
! struct ber_element *message, *scopedpdu = NULL, *secparams;
ssize_t securitysize, ret;
size_t secparamsoffset;
char *securityparams = NULL, *packet = NULL;
--- 359,365 ----
snmp_package(struct snmp_agent *agent, struct ber_element *pdu, size_t *len)
{
struct ber ber;
! struct ber_element *message, *scopedpdu = NULL, *secparams, *encpdu;
ssize_t securitysize, ret;
size_t secparamsoffset;
char *securityparams = NULL, *packet = NULL;
***************
*** 402,407 ****
--- 402,414 ----
ber_free_elements(scopedpdu);
goto fail;
}
+ if (agent->v3->level & SNMP_MSGFLAG_PRIV) {
+ if ((encpdu = agent->v3->sec->encpdu(agent, scopedpdu,
+ cookie)) == NULL)
+ goto fail;
+ ber_free_elements(scopedpdu);
+ scopedpdu = encpdu;
+ }
if (ber_printf_elements(message, "d{idxd}xe", agent->version, msgid, UDP_MAXPACKET, &(agent->v3->level), (size_t) 1, agent->v3->sec->model, securityparams,
***************
*** 450,457 ****
size_t msgflagslen, secparamslen;
struct ber_element *message = NULL, *payload, *scopedpdu, *ctxname;
off_t secparamsoffset;
! char *engineid;
! size_t engineidlen;
bzero(&ber, sizeof(ber));
ber_set_application(&ber, smi_application);
--- 457,465 ----
size_t msgflagslen, secparamslen;
struct ber_element *message = NULL, *payload, *scopedpdu, *ctxname;
off_t secparamsoffset;
! char *encpdu, *engineid;
!
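Review bot: In snmp_package, the new `encpdu()` failure branch jumps to `fail` without releasing `scopedpdu`, while the error path immediately above it in the context calls `ber_free_elements(scopedpdu);` before `goto fail;`. Unless the `fail` label, which is outside this hunk, frees it, the cleartext scoped PDU tree is leaked each time encryption fails. Mirroring the neighbouring path would mean bracing the branch and adding `ber_free_elements(scopedpdu);` ahead of its `goto fail;`. The function body starts and ends outside the hunk, so ownership at `fail` should be confirmed there.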
size_t encpdulen, engineidlen;
! void *cookie = NULL;
bzero(&ber, sizeof(ber));
ber_set_application(&ber, smi_application);
***************
*** 485,493 ****
if (msgflagslen != 1)
goto fail;
if (agent->v3->sec->parseparams(agent, buf, buflen,
! secparamsoffset, secparams, secparamslen,
! msgflags[0]) == -1)
goto fail;
if (ber_scanf_elements(scopedpdu, "{xeS{", &engineid, &engineidlen, &ctxname) == -1)
goto fail;
--- 493,511 ----
if (msgflagslen != 1)
goto fail;
if (agent->v3->sec->parseparams(agent, buf, buflen,
! secparamsoffset, secparams, secparamslen, msgflags[0],
! &cookie) == -1) {
! cookie = NULL;
goto fail;
+ }
+ if (msgflags[0] & SNMP_MSGFLAG_PRIV) {
+ if (ber_scanf_elements(scopedpdu, "x", &encpdu,
+ &encpdulen) == -1)
+ goto fail;
+ if ((scopedpdu = agent->v3->sec->decpdu(agent, encpdu,
+ encpdulen, cookie)) == NULL)
+ goto fail;
+ }
if (ber_scanf_elements(scopedpdu, "{xeS{", &engineid, &engineidlen, &ctxname) == -1)
goto fail;
***************
*** 505,515 ****
--- 523,536 ----
}
ber_free_elements(message);
+ agent->v3->sec->freecookie(cookie);
return pdu;
}
/* NOTREACHED */
fail:
+ if (version == SNMP_V3)
+ agent->v3->sec->freecookie(cookie);
ber_free_elements(message);
return NULL;
}
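Review bot: In snmp_unpackage the decision to decrypt is taken from `msgflags[0]`, a byte read out of the received message, whereas snmp_package keys the same decision on the configured `agent->v3->level`. Nothing visible in this hunk compares the two, so unless `parseparams` enforces the level, a reply with the privacy bit cleared would be parsed as a plaintext scopedPDU even on a session configured for privacy. Consider a guard such as `if ((msgflags[0] & SNMP_MSGFLAG_PRIV) != (agent->v3->level & SNMP_MSGFLAG_PRIV)) goto fail;`, or a comment naming where that check lives. Report PDUs sent during engine discovery may legitimately arrive at a lower level, so the check may have to be applied once the PDU type is known. The function starts before and continues past the hunk.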
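Review bot: Neither exit touched here releases the element tree returned by `decpdu()`: after the previous hunk `scopedpdu` may point at that tree rather than into `message`, yet the success path and `fail` both call only `ber_free_elements(message)` and `freecookie(cookie)`. If `decpdu` returns a freshly allocated tree, as `encpdu` appears to on the sending side, the decrypted PDU is leaked on every failure after decryption, as is whatever part of it is not returned as `pdu` on success. Keeping the result in its own pointer initialised to NULL and passing it to `ber_free_elements()` at both exits would cover it. Separately, `fail` dereferences `agent->v3` based on the local `version`; if that value is decoded from the packet rather than copied from `agent->version`, testing `agent->v3 != NULL` would be the safer condition. The function begins outside the hunk.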