diff options
author | Micael Karlberg <[email protected]> | 2013-10-18 11:32:25 +0200 |
---|---|---|
committer | Micael Karlberg <[email protected]> | 2013-10-21 12:50:41 +0200 |
commit | 300803837926d0bb28829f313fad07f757188d41 (patch) | |
tree | 9fdc1833b7e45b44fa3d50e48f17dcc74636336c /lib/snmp/src/manager | |
parent | a803a95c00f89932d2cfd7a7b424aad05fa276b8 (diff) | |
download | otp-300803837926d0bb28829f313fad07f757188d41.tar.gz otp-300803837926d0bb28829f313fad07f757188d41.tar.bz2 otp-300803837926d0bb28829f313fad07f757188d41.zip |
[snmp/manager] Incorrect use of EngineBoots and EngineTime when encrypting
When performing the AES encryption, invalid values for the
EngineBoots and EngineTime was used. The values of the local
agent was used, which would have produced some values if an
agent was actually running. If not it would have caused a crash.
OTP-11413
Diffstat (limited to 'lib/snmp/src/manager')
-rw-r--r-- | lib/snmp/src/manager/snmpm_usm.erl | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/lib/snmp/src/manager/snmpm_usm.erl b/lib/snmp/src/manager/snmpm_usm.erl index 497d6d6102..0a8a6436a3 100644 --- a/lib/snmp/src/manager/snmpm_usm.erl +++ b/lib/snmp/src/manager/snmpm_usm.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2011. All Rights Reserved. +%% Copyright Ericsson AB 2004-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -19,6 +19,9 @@ %%----------------------------------------------------------------- %% This module implements the User Based Security Model for SNMP, %% as defined in rfc2274. +%% +%% AES: RFC 3826 +%% %%----------------------------------------------------------------- -module(snmpm_usm). @@ -416,11 +419,14 @@ get_des_salt() -> [?i32(EngineBoots), ?i32(SaltInt)]. aes_encrypt(PrivKey, Data) -> - snmp_usm:aes_encrypt(PrivKey, Data, fun get_aes_salt/0). + EngineBoots = get_engine_boots(), + EngineTime = get_engine_time(), + snmp_usm:aes_encrypt(PrivKey, Data, fun get_aes_salt/0, + EngineBoots, EngineTime). aes_decrypt(PrivKey, UsmSecParams, EncData) -> - #usmSecurityParameters{msgPrivacyParameters = MsgPrivParams, - msgAuthoritativeEngineTime = EngineTime, + #usmSecurityParameters{msgPrivacyParameters = MsgPrivParams, + msgAuthoritativeEngineTime = EngineTime, msgAuthoritativeEngineBoots = EngineBoots} = UsmSecParams, snmp_usm:aes_decrypt(PrivKey, MsgPrivParams, EncData, |