J
John Ramsden
I am writing an SNMP trap handler, using Graham Barr's Convert::BER
module (which looks excellent, from what I can see) to translate the
PDUs from binary to a manageable structure.
When reading raw traps from a socket connection, Convert::BER relies
on the datagram length which appears near the start of the raw trap
string.
But, as Barr points out in a source code comment, what is to stop a
hacker (or just an erroneous program) sending to an SNMP trap port
an SNMP trap datagram with a length longer than tha actual length
of the datagram, thus causing the trap handler to hang while it
waits for the rest of the datagram which may never appear?
Anyway, apart from using a timeout, I was wondering if there is some
lower-level Perl (or any) method of reading an UDP datagrams as a
unit, so that this problem cannot arise.
Also, I need solutions for Unix and Windows if possible, even if a
different approach must be used for each.
Cheers
John Ramsden ([email protected])
module (which looks excellent, from what I can see) to translate the
PDUs from binary to a manageable structure.
When reading raw traps from a socket connection, Convert::BER relies
on the datagram length which appears near the start of the raw trap
string.
But, as Barr points out in a source code comment, what is to stop a
hacker (or just an erroneous program) sending to an SNMP trap port
an SNMP trap datagram with a length longer than tha actual length
of the datagram, thus causing the trap handler to hang while it
waits for the rest of the datagram which may never appear?
Anyway, apart from using a timeout, I was wondering if there is some
lower-level Perl (or any) method of reading an UDP datagrams as a
unit, so that this problem cannot arise.
Also, I need solutions for Unix and Windows if possible, even if a
different approach must be used for each.
Cheers
John Ramsden ([email protected])